From 258630083a992bd8475c64eb6dd3de7518a2ab70 Mon Sep 17 00:00:00 2001
From: ae <ae@FreeBSD.org>
Date: Thu, 27 Jan 2011 08:02:26 +0000
Subject: [PATCH] While inspecting the disklabel check that start offset of
 partition is within provider's bounds. If not then reject this disklabel.
 Mark bbarea as NULL to do not free it again in destroy method.

MFC after:	1 week
---
 sys/geom/part/g_part_bsd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/geom/part/g_part_bsd.c b/sys/geom/part/g_part_bsd.c
index 95f56dae4d7e..e51a22ff35c1 100644
--- a/sys/geom/part/g_part_bsd.c
+++ b/sys/geom/part/g_part_bsd.c
@@ -426,6 +426,8 @@ g_part_bsd_read(struct g_part_table *basetable, struct g_consumer *cp)
 			continue;
 		if (part.p_offset < table->offset)
 			continue;
+		if (part.p_offset - table->offset > basetable->gpt_last)
+			goto invalid_label;
 		baseentry = g_part_new_entry(basetable, index + 1,
 		    part.p_offset - table->offset,
 		    part.p_offset - table->offset + part.p_size - 1);
@@ -440,6 +442,7 @@ g_part_bsd_read(struct g_part_table *basetable, struct g_consumer *cp)
  invalid_label:
 	printf("GEOM: %s: invalid disklabel.\n", pp->name);
 	g_free(table->bbarea);
+	table->bbarea = NULL;
 	return (EINVAL);
 }