From fa9d7db0dfc89befe87a73f22e7d0473e505c9d9 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Wed, 5 Oct 2011 15:51:10 -0700
Subject: [PATCH 4/4] libparted: Fix a bug in the hfs probe functions
 (#714758)

* libparted/fs/hfs/probe.c (hfsplus_probe): Add a check on the
  search value and reject it if it is negative.
  (hfsx_probe): Same
  (hfs_and_wrapper_probe): Same
---
 libparted/fs/hfs/probe.c |   18 +++++++++++-------
 1 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/libparted/fs/hfs/probe.c b/libparted/fs/hfs/probe.c
index 8c656cf..bf4d70b 100644
--- a/libparted/fs/hfs/probe.c
+++ b/libparted/fs/hfs/probe.c
@@ -82,7 +82,8 @@ hfs_and_wrapper_probe (PedGeometry* geom)
 		  + ((PedSector) PED_BE16_TO_CPU (mdb->total_blocks)
 		     * (PED_BE32_TO_CPU (mdb->block_size) / PED_SECTOR_SIZE_DEFAULT )));
 	max = search + (PED_BE32_TO_CPU (mdb->block_size) / PED_SECTOR_SIZE_DEFAULT);
-	if (!(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2)))
+	if ((search < 0)
+	    || !(geom_ret = ped_geometry_new (geom->dev, geom->start, search + 2)))
 		return NULL;
 
 	for (; search < max; search++) {
@@ -141,8 +142,9 @@ hfsplus_probe (PedGeometry* geom)
 		      - 2;
 		search = max - 2 * ( PED_BE32_TO_CPU (vh->block_size)
 				     / PED_SECTOR_SIZE_DEFAULT ) + 2;
-		if (!(geom_ret = ped_geometry_new (geom->dev, geom->start,
-						   search + 2)))
+		if ((search < 0)
+		    || !(geom_ret = ped_geometry_new (geom->dev, geom->start,
+						      search + 2)))
 			return NULL;
 
 		for (; search < max; search++) {
@@ -156,8 +158,9 @@ hfsplus_probe (PedGeometry* geom)
 		search = ((PedSector) PED_BE32_TO_CPU (vh->total_blocks) - 1)
 		      * ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT )
 		      - 1;
-		if (!ped_geometry_set (geom_ret, geom_ret->start,
-					       search + 2)
+		if ((search < 0)
+		    || !ped_geometry_set (geom_ret, geom_ret->start,
+					  search + 2)
 		    || !ped_geometry_read (geom_ret, buf, search, 1)
 		    || vh->signature != PED_CPU_TO_BE16 (HFSP_SIGNATURE)) {
 		    	ped_geometry_destroy (geom_ret);
@@ -213,8 +216,9 @@ hfsx_probe (PedGeometry* geom)
 		      * ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT )
 		      - 2;
 	search = max - ( PED_BE32_TO_CPU (vh->block_size) / PED_SECTOR_SIZE_DEFAULT );
-	if (!(geom_ret = ped_geometry_new (geom->dev, geom->start,
-					   search + 2)))
+	if ((search < 0)
+	    || !(geom_ret = ped_geometry_new (geom->dev, geom->start,
+					      search + 2)))
 		return NULL;
 	for (; search < max; search++) {
 		if (!ped_geometry_set (geom_ret, geom_ret->start,
-- 
1.7.6.4