Hi,

calling partx with the libblkid debug environment variable like
> env LIBBLKID_DEBUG=all partx --show /dev/sda
results in the following:

6729: libblkid:     INIT: library debug mask: 0xffff
6729: libblkid:     INIT: library version: 2.31.1 [19-Dec-2017]
Available "LIBBLKID_DEBUG=<name>[,...]|<mask>" debug masks:
   all      [0xffff] : info about all subsystems
   cache    [0x0004] : blkid tags cache
   config   [0x0008] : config file utils
   dev      [0x0010] : device utils
   devname  [0x0020] : /proc/partitions evaluation
   devno    [0x0040] : conversions to device name
   evaluate [0x0080] : tags resolving
   help     [0x0001] : this help
   lowprobe [0x0100] : superblock/raids/partitions probing
   buffer   [0x2000] : low-probing buffers
   probe    [0x0200] : devices verification
   read     [0x0400] : cache parsing
   save     [0x0800] : cache writing
   tag      [0x1000] : tags utils
6729: libblkid: LOWPROBE: allocate a new probe 0x556a99d8e2c0
6729: libblkid: LOWPROBE: zeroize wiper
6729: libblkid: LOWPROBE: ready for low-probing, offset=0, size=128035676160
6729: libblkid: LOWPROBE: whole-disk: YES, regfile: NO
6729: libblkid: LOWPROBE: partlist reset
6729: libblkid: LOWPROBE: parts: initialized partitions list (0x556a99d8e3d0, size=0)
6729: libblkid: LOWPROBE: --> starting probing loop [PARTS idx=-1]
6729: libblkid: LOWPROBE: read 0x556a99d8e438: off=0 len=1024
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid: LOWPROBE: magic sboff=510, kboff=0
6729: libblkid: LOWPROBE: dos: ---> call probefunc()
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=512)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=1024)
6729: libblkid: LOWPROBE: magic sboff=0, kboff=0
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=512)
6729: libblkid:   BUFFER: reuse 0x556a99d8e438: off=0 len=1024 (for off=0 len=512)
6729: libblkid: LOWPROBE: parts: create a new partition table (0x556a99d8e840, type=dos, offset=446)
6729: libblkid: LOWPROBE: parts: add partition (0x556a99d8e8a0 start=2048, size=62734336, table=0x556a99d8e840)
6729: libblkid: LOWPROBE: parts: add partition (0x556a99d8e9a0 start=62736384, size=141438976, table=0x556a99d8e840)
6729: libblkid: LOWPROBE: parts: add partition (0x556a99d8eaa0 start=204175360, size=45893632, table=0x556a99d8e840)
6729: libblkid: LOWPROBE: parts: ----> solaris subprobe requested (parent=(nil))
6729: libblkid: LOWPROBE: partlist reset
6729: libblkid: LOWPROBE: dos probefunc failed, rc -22
6729: libblkid: LOWPROBE: dos: <--- (rc = -22)
6729: libblkid: LOWPROBE: <-- leaving probing loop (failed=-22) [PARTS idx=3]
6729: libblkid: LOWPROBE: partitions probe done [rc=-22]
partx: /dev/sda: Partitionstabelle konnte nicht gelesen werden
6729: libblkid:   BUFFER: Resetting probing buffers pr=0x556a99d8e2c0
6729: libblkid:   BUFFER: remove buffer: 0x556a99d8e438 [off=0, len=1024]
6729: libblkid: LOWPROBE: buffers summary: 1024 bytes by 1 read() calls
6729: libblkid: LOWPROBE: free probe 0x556a99d8e2c0

There, the Solaris subprobe request fails (swap and Solaris partitions both
seem to share the same partition type byte 0x82), which leads to the failing
of partx.

The problem originates in dos.c:probe_dos_pt where
> p0 = mbr_get_partition(data, 0);
returns an array of length 4 where the second partition contains only 0
values as the partition is not used. Thus, the fourth partition (index 3) is
a valid swap partition.
However,
> ls = blkid_probe_get_partlist(pr);
returns an array of length 3 within ls->parts where only the non-empty
partitions are listed and thus the swap partition is the third partition
(index 2). In the subtypes parsing block towards the end of the
dos.c:probe_dos_pt function the code combines these logically non-aligned
arrays with
> rc = blkid_partitions_do_subprobe(pr,
>          blkid_partlist_get_partition(ls, i),
>          dos_nested[n].id);
for i=3 which results in a NULL pointer from blkid_partlist_get_partition,
which itself results in -EINVAL in blkid_partitions_do_subprobe as parent is
NULL.

To be clear: The true problem is not the out-of-bounds access of ls->parts
(which gets caught) but the differing definitions of p0 and ls->parts with
all or only the non-empty partitions, respectively. The mapping between both
data structures is non-trivial in general, because there can be multiple
empty partitions.

Kind regards
Patrick
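
The index mismatch reported above, reproduced as a stand-alone C program (an added example, not code from util-linux or from the original message). All struct and function names are hypothetical, the type bytes of slots 0 and 2 are constructed, and matching by start sector is only one assumed way to align the two arrays.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#define MBR_SLOTS 4
struct mbr_slot { uint8_t type; uint32_t start, size; };  /* simplified MBR entry */
struct part     { uint32_t start, size; };
struct partlist { struct part parts[MBR_SLOTS]; int nparts; };

/* Constructed table mirroring the log: slot 1 unused, slot 3 has type 0x82.
 * The type bytes of slots 0 and 2 are made up for this example. */
static const struct mbr_slot sample[MBR_SLOTS] = {
    { 0x83, 2048, 62734336 },      { 0x00, 0, 0 },
    { 0x83, 62736384, 141438976 }, { 0x82, 204175360, 45893632 },
};

/* Compact list: only non-empty slots are stored, like ls->parts in the report. */
static void build_partlist(const struct mbr_slot *p0, struct partlist *ls)
{
    ls->nparts = 0;
    for (int i = 0; i < MBR_SLOTS; i++)
        if (p0[i].size != 0)
            ls->parts[ls->nparts++] = (struct part){ p0[i].start, p0[i].size };
}

static const struct part *partlist_get(const struct partlist *ls, int n)
{ return (n < 0 || n >= ls->nparts) ? NULL : &ls->parts[n]; }

/* Aligned lookup: match a slot to its list entry by start sector. */
static const struct part *partlist_find(const struct partlist *ls, uint32_t start)
{
    for (int n = 0; n < ls->nparts; n++)
        if (ls->parts[n].start == start) return &ls->parts[n];
    return NULL;
}

/* Subprobe status for the first 0x82 slot: -EINVAL when no parent is found. */
static int subprobe_rc(const struct mbr_slot *p0, int aligned)
{
    struct partlist ls;
    build_partlist(p0, &ls);
    for (int i = 0; i < MBR_SLOTS; i++) {
        if (p0[i].size == 0 || p0[i].type != 0x82) continue;
        const struct part *parent = aligned ? partlist_find(&ls, p0[i].start)
                                            : partlist_get(&ls, i); /* slot index reused */
        return parent ? 0 : -EINVAL;
    }
    return 0;
}
int main(void) { return subprobe_rc(sample, 1); }
```

With `aligned` set to 0 the slot index 3 is used against a three-entry list and the parent lookup yields NULL; a table without empty slots does not show the problem, which is why it only appears on some disks.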