From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12967 invoked by alias); 25 Mar 2011 22:02:27 -0000 Received: (qmail 12949 invoked by uid 9478); 25 Mar 2011 22:02:27 -0000 Date: Fri, 25 Mar 2011 22:02:00 -0000 Message-ID: <20110325220227.12947.qmail@sourceware.org> From: jbrassow@sourceware.org To: lvm-devel@redhat.com, lvm2-cvs@sourceware.org Subject: LVM2/lib/metadata lv_manip.c Mailing-List: contact lvm2-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: lvm2-cvs-owner@sourceware.org X-SW-Source: 2011-03/txt/msg00075.txt.bz2 CVSROOT: /cvs/lvm2 Module name: LVM2 Changes by: jbrassow@sourceware.org 2011-03-25 22:02:27 Modified files: lib/metadata : lv_manip.c Log message: Fix unhandled condition in _move_lv_segments If _move_lv_segments is passed a 'lv_from' that does not yet have any segments, it will screw things up because the code that does the segment copy assumes there is at least one segment. See copy code here: lv_to->segments = lv_from->segments; lv_to->segments.n->p = &lv_to->segments; lv_to->segments.p->n = &lv_to->segments; If 'segments' is an empty list, the first statement copies over the values, but the next two reset those values to point to the other LV's list structure. 'lv_to' now appears to have one segment, but it is really an ill-set pointer. Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/LVM2/lib/metadata/lv_manip.c.diff?cvsroot=lvm2&r1=1.251&r2=1.252 --- LVM2/lib/metadata/lv_manip.c 2011/02/28 19:53:03 1.251 +++ LVM2/lib/metadata/lv_manip.c 2011/03/25 22:02:27 1.252 @@ -2950,7 +2950,8 @@ } } - lv_to->segments = lv_from->segments; + if (!dm_list_empty(&lv_from->segments)) + lv_to->segments = lv_from->segments; lv_to->segments.n->p = &lv_to->segments; lv_to->segments.p->n = &lv_to->segments;