authorEric Sandeen <sandeen@fedoraproject.org>2010-02-07 22:02:46 +0000
committerEric Sandeen <sandeen@fedoraproject.org>2010-02-07 22:02:46 +0000
commit64027e375cc15a09ecf05638e04cc475d3b81aee (patch)
tree07dbedb3cdb1bf6075088e48db7f706a5bb166e9
parent40b7ab1832075c962a4803f6d434479178e8a5c8 (diff)
* Sun Feb 07 2010 Eric Sandeen <sandeen@redhat.com> 1.41.9-10e2fsprogs-1_41_9-10_fc13
- Upstream version of resize2fs array fix, original was wrong
-rw-r--r--e2fsprogs-1.41.9-resize-array.patch70
-rw-r--r--e2fsprogs.spec5
2 files changed, 44 insertions, 31 deletions
diff --git a/e2fsprogs-1.41.9-resize-array.patch b/e2fsprogs-1.41.9-resize-array.patch
index e6aecf8..3c2e022 100644
--- a/e2fsprogs-1.41.9-resize-array.patch
+++ b/e2fsprogs-1.41.9-resize-array.patch
@@ -1,38 +1,48 @@
-Index: e2fsprogs-1.41.9/resize/resize2fs.c
-===================================================================
---- e2fsprogs-1.41.9.orig/resize/resize2fs.c
-+++ e2fsprogs-1.41.9/resize/resize2fs.c
-@@ -1818,9 +1818,6 @@ static errcode_t ext2fs_calculate_summar
- fs->group_desc[group].bg_free_blocks_count =
+commit 40b09fbe01fac8722b699b29f796e18550d68c84
+Author: Theodore Ts'o <tytso@mit.edu>
+Date: Fri Feb 5 22:25:03 2010 -0500
+
+ resize2fs: Fix fix uninit group test accessing invalid memory
+
+ Commit 74128f8 added tests for uninit groups, but it could access past
+ the end of the group_desc[] array after processing the last group:
+
+ ==19668== Invalid read of size 2
+ ==19668== at 0x40518C: resize_fs (resize2fs.c:1824)
+ ==19668== by 0x405A46: main (main.c:451)
+ ==19668== Address 0x5a0d002 is not stack'd, malloc'd or (recently) free'd
+ ==19668==
+ ==19668== Invalid read of size 2
+ ==19668== at 0x405391: resize_fs (resize2fs.c:1864)
+ ==19668== by 0x405A46: main (main.c:451)
+ ==19668== Address 0x5a0d002 is not stack'd, malloc'd or (recently) free'd
+ ==19668==
+
+ It was found by Eric Sandeen running the regression suite through
+ valgrind.
+
+ Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+
+diff --git a/resize/resize2fs.c b/resize/resize2fs.c
+index 75c4721..346fd53 100644
+--- a/resize/resize2fs.c
++++ b/resize/resize2fs.c
+@@ -1819,6 +1819,8 @@ static errcode_t ext2fs_calculate_summary_stats(ext2_filsys fs)
group_free;
ext2fs_group_desc_csum_set(fs, group);
-- group++;
-- count = 0;
-- group_free = 0;
+ group++;
++ if (group >= fs->group_desc_count)
++ break;
+ count = 0;
+ group_free = 0;
uninit = (fs->group_desc[group].bg_flags &
- EXT2_BG_BLOCK_UNINIT);
- ext2fs_super_and_bgd_loc(fs, group, &super_blk,
-@@ -1832,6 +1829,9 @@ static errcode_t ext2fs_calculate_summar
- else
- old_desc_blocks = fs->desc_blocks +
- fs->super->s_reserved_gdt_blocks;
-+ group++;
-+ count = 0;
-+ group_free = 0;
- }
- }
- fs->super->s_free_blocks_count = total_free;
-@@ -1858,11 +1858,11 @@ static errcode_t ext2fs_calculate_summar
- fs->group_desc[group].bg_free_inodes_count =
+@@ -1859,6 +1861,8 @@ static errcode_t ext2fs_calculate_summary_stats(ext2_filsys fs)
group_free;
ext2fs_group_desc_csum_set(fs, group);
-+ uninit = (fs->group_desc[group].bg_flags &
-+ EXT2_BG_INODE_UNINIT);
group++;
++ if (group >= fs->group_desc_count)
++ break;
count = 0;
group_free = 0;
-- uninit = (fs->group_desc[group].bg_flags &
-- EXT2_BG_INODE_UNINIT);
- }
- }
- fs->super->s_free_inodes_count = total_free;
+ uninit = (fs->group_desc[group].bg_flags &
+
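Review bot: The bounds check `if (group >= fs->group_desc_count) break;` added after `group++` in both loops of ext2fs_calculate_summary_stats (the embedded hunks at 1819 and 1859 of resize/resize2fs.c) carries no comment saying why the loop must exit there. A later reorder of the per-group reset could then reintroduce the read past the end of group_desc[] that the quoted valgrind trace shows. I would put `/* last group done: do not index group_desc[] past the end */` above each check. The guard presumably relies on fs->group_desc_count matching the number of entries allocated for fs->group_desc, which the visible lines do not establish, so that is worth confirming at the allocation site. Both loops begin and end outside these hunks.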
diff --git a/e2fsprogs.spec b/e2fsprogs.spec
index 0a414de..8acc6eb 100644
--- a/e2fsprogs.spec
+++ b/e2fsprogs.spec
@@ -4,7 +4,7 @@
Summary: Utilities for managing ext2, ext3, and ext4 filesystems
Name: e2fsprogs
Version: 1.41.9
-Release: 9%{?dist}
+Release: 10%{?dist}
# License tags based on COPYING file distinctions for various components
License: GPLv2
@@ -317,6 +317,9 @@ exit 0
%{_libdir}/pkgconfig/ss.pc
%changelog
+* Sun Feb 07 2010 Eric Sandeen <sandeen@redhat.com> 1.41.9-10
+- Upstream version of resize2fs array fix, original was wrong
+
* Sat Jan 23 2010 Eric Sandeen <sandeen@redhat.com> 1.41.9-9
- Fix up stray output & re-enable make check
- Fix dlopen issues for newer libreadline