[PATCH] dos: don't write sector-size (>512) bytes from a 512-byte buffer

Jim Meyering meyering at redhat.com
Fri Jul 10 20:54:54 UTC 2009


* libparted/labels/dos.c (write_ext_table): Fix this error reported
by valgrind, by allocating/using a sector-sized buffer, rather than
using a 512-byte buffer on the stack.
Syscall param write(buf) points to uninitialised byte(s)
   at 0x33E12D13A0: __write_nocancel (in /lib64/libc-2.10.1.so)
   by 0x432B48: linux_write (linux.c:1782)
   by 0x42648C: write_ext_table (dos.c:1063)
   by 0x426471: write_ext_table (dos.c:1059)
   by 0x4268C5: msdos_write (dos.c:1094)
   by 0x40E9C4: ped_disk_commit_to_dev (disk.c:479)
   by 0x40EA08: ped_disk_commit (disk.c:502)
   by 0x408AE0: test_duplicate (disk.c:79)
   by 0x4C249ED: srunner_run_all (in /usr/lib64/libcheck.so.0.0.0)
   by 0x4089AD: main (disk.c:121)
 Address 0x4e48e00 is 512 bytes inside a block of size 1,024 alloc'd
   at 0x4A05260: memalign (vg_replace_malloc.c:460)
   by 0x4A05317: posix_memalign (vg_replace_malloc.c:569)
   by 0x432B06: linux_write (linux.c:1777)
   by 0x42648C: write_ext_table (dos.c:1063)
   by 0x426471: write_ext_table (dos.c:1059)
   by 0x4268C5: msdos_write (dos.c:1094)
   by 0x40E9C4: ped_disk_commit_to_dev (disk.c:479)
   by 0x40EA08: ped_disk_commit (disk.c:502)
   by 0x408AE0: test_duplicate (disk.c:79)
   by 0x4C249ED: srunner_run_all (in /usr/lib64/libcheck.so.0.0.0)
   by 0x4089AD: main (disk.c:121)
---
 libparted/labels/dos.c |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/libparted/labels/dos.c b/libparted/labels/dos.c
index 6fe065c..2174abc 100644
--- a/libparted/labels/dos.c
+++ b/libparted/labels/dos.c
@@ -1026,7 +1026,6 @@ static int
 write_ext_table (const PedDisk* disk,
                  PedSector sector, const PedPartition* logical)
 {
-	DosRawTable		table;
 	PedPartition*		part;
 	PedSector		lba_offset;

@@ -1036,10 +1035,13 @@ write_ext_table (const PedDisk* disk,

 	lba_offset = ped_disk_extended_partition (disk)->geom.start;

-	memset (&table, 0, sizeof (DosRawTable));
-	table.magic = PED_CPU_TO_LE16 (MSDOS_MAGIC);
+	void *s = ped_calloc (disk->dev->sector_size);
+	if (s == NULL)
+		return 0;
+	DosRawTable *table = s;
+	table->magic = PED_CPU_TO_LE16 (MSDOS_MAGIC);

-	if (!fill_raw_part (&table.partitions[0], logical, sector))
+	if (!fill_raw_part (&table->partitions[0], logical, sector))
 		return 0;

 	part = ped_disk_get_partition (disk, logical->num + 1);
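Review bot: The sector buffer obtained from `ped_calloc` in this hunk is leaked on every early `return 0;` that follows the allocation: the failed `fill_raw_part` check here, the `if (!geom)` return in the next hunk, and the `return 0;` at the top of the last hunk. Only the final path reaches `free (s)`, so each of those exits should release the buffer first, for example `{ free (s); return 0; }`, or funnel through one cleanup label that frees `s` before returning. Separately, nothing visible in the patch guarantees `disk->dev->sector_size >= sizeof (DosRawTable)`; if that is not enforced elsewhere, a check before the `table->magic` store would keep the writes inside the allocation. The body of write_ext_table extends beyond these hunks, so there may be further exits to cover.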
@@ -1052,7 +1054,7 @@ write_ext_table (const PedDisk* disk,
 		if (!geom)
 			return 0;
 		partition_probe_bios_geometry (part, &bios_geom);
-		fill_ext_raw_part_geom (&table.partitions[1], &bios_geom,
+		fill_ext_raw_part_geom (&table->partitions[1], &bios_geom,
 				        geom, lba_offset);
 		ped_geometry_destroy (geom);

@@ -1060,7 +1062,9 @@ write_ext_table (const PedDisk* disk,
 			return 0;
 	}

-	return ped_device_write (disk->dev, (void*) &table, sector, 1);
+	int ok = ped_device_write (disk->dev, table, sector, 1);
+	free (s);
+	return ok;
 }

 static int
--
1.6.3.3.524.g8586b


