rpms/util-linux
6
0
Fork 0
Code Issues Pull Requests Releases Activity

libfdisk: fix off-by-one in maximum last sector calculation

Browse Source 
Resolves: RHEL-122367
This commit is contained in:
Karel Zak 2025-11-19 11:17:57 +01:00
parent 4c1825e975
commit c2ee14017e
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
0019-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch Normal file
View File

@ -0,0 +1,46 @@
From ec0dfcca6f2d154a4697df4448d1aea6d2ee00af Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 30 Oct 2025 12:11:43 +0100
Subject: libfdisk: (dos) fix off-by-one in maximum last sector calculation
The get_disk_ranges() function incorrectly capped the last usable
sector at UINT_MAX, which could cause an overflow when calculating
partition size for MBR partition tables.
MBR stores partition size as a 32-bit value with maximum UINT_MAX.
The partition size is calculated as: size = stop - start + 1
For a partition starting at sector 0:
- If stop = UINT_MAX: size = UINT_MAX + 1 (overflow!)
- If stop = UINT_MAX - 1: size = UINT_MAX (correct maximum)
This fixes the inconsistency where dos_init() correctly warns about
disks larger than UINT_MAX sectors (2TiB - 512 bytes for 512-byte
sectors), but get_disk_ranges() allowed creating partitions that
would overflow the 32-bit size field.
Addresses: https://issues.redhat.com/browse/RHEL-122367
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit 578923fe582903628ecc0d2a434af0affa3660d2)
---
libfdisk/src/dos.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libfdisk/src/dos.c b/libfdisk/src/dos.c
index db7e25716..c88d2a4f2 100644
--- a/libfdisk/src/dos.c
+++ b/libfdisk/src/dos.c
@@ -1241,8 +1241,8 @@ static int get_disk_ranges(struct fdisk_context *cxt, int logical,
else
*last = cxt->total_sectors - 1;
- if (*last > UINT_MAX)
- *last = UINT_MAX;
+ if (*last >= UINT_MAX)
+ *last = UINT_MAX - 1;
*first = cxt->first_lba;
}
--
2.51.1

2
util-linux.spec
View File

@ -134,6 +134,8 @@ Patch16: 0016-mount-improve-all-documentation.patch
Patch17: 0017-libblkid-Fix-probe_ioctl_tp-assigning-BLKGETDISKSEQ-.patch
# RHEL-121120 - libblkid: use snprintf() instead of sprintf()
Patch18: 0018-libblkid-use-snprintf-instead-of-sprintf.patch
# RHEL-122367 - libfdisk: (dos) fix off-by-one in maximum last sector calculation
Patch19: 0019-libfdisk-dos-fix-off-by-one-in-maximum-last-sector-c.patch
%description