Date: Sun, 23 Nov 2003 12:43:32 +0100
From: Bartek Marcinkiewicz
To: freebsd-current@freebsd.org
Subject: vfs_domount() ->...-> vfs_freeopts() NULL pointer dereferencing
Message-ID: <20031123114332.GA1337@p221.if.pwr.wroc.pl>

Hi,

The system in question is FreeBSD 5.1-CURRENT, sources for -current
cvsupped a few days ago.

The problem occurs while mounting an ext2fs partition. If VFS_MOUNT()
returns an error, there is a null pointer dereference happening in
vfs_freeopts(), which is called by vfs_mount_destroy().

Trace:

    vfs_freeopts(0, ...)
    vfs_mount_destroy()
    vfs_domount()
    vfs_nmount
    nmount()

Offending code:

    /* Release all resources related to the mount options. */
    static void
    vfs_freeopts(struct vfsoptlist *opts)
    {
            struct vfsopt *opt;

            /* jr */
            if (!opts)
                    printf("tailq list opts is NULL pointer\n");

            while (!TAILQ_EMPTY(opts)) {
                    opt = TAILQ_FIRST(opts);
                    vfs_freeopt(opts, opt);
            }
            free(opts, M_MOUNT);
    }

A trivial patch would be adding:

    if (!opts)
            return;

but is it correct?

best regards,
bm.

ps. ext2fs was dirty..
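
The guard proposed above, modelled in userland as an added example (not part of the original post and not FreeBSD kernel code). The struct layout, optlist_add() and mount_teardown() are hypothetical stand-ins, and the example assumes the list pointer is still NULL when the error path runs, as the trace suggests.

```c
#include <stdlib.h>
#include <sys/queue.h>
/* Simplified userland stand-ins for the kernel types (assumed layout). */
struct vfsopt {
	TAILQ_ENTRY(vfsopt) link;
	const char *name;
};
TAILQ_HEAD(vfsoptlist, vfsopt);

/* Hypothetical helper: append one named option to the list. */
static void optlist_add(struct vfsoptlist *opts, const char *name)
{
	struct vfsopt *opt = calloc(1, sizeof(*opt));
	if (opt == NULL) abort();
	opt->name = name;
	TAILQ_INSERT_TAIL(opts, opt, link);
}

/* Model of vfs_freeopts() with the guard from the post.
 * Returns how many options were released so the result can be checked. */
static int freeopts_guarded(struct vfsoptlist *opts)
{
	struct vfsopt *opt;
	int released = 0;
	if (opts == NULL)	/* list was never allocated: nothing to free */
		return 0;
	while (!TAILQ_EMPTY(opts)) {
		opt = TAILQ_FIRST(opts);
		TAILQ_REMOVE(opts, opt, link);
		free(opt);
		released++;
	}
	free(opts);
	return released;
}

/* Hypothetical teardown driver. mount_failed != 0 models the assumed state
 * in the trace: the error path runs while the list pointer is still NULL. */
static int mount_teardown(int mount_failed)
{
	struct vfsoptlist *opts = NULL;
	if (!mount_failed) {
		if ((opts = malloc(sizeof(*opts))) == NULL) abort();
		TAILQ_INIT(opts);
		optlist_add(opts, "fstype");
		optlist_add(opts, "fspath");
	}
	return freeopts_guarded(opts);
}
```

With the guard in place the teardown routine accepts a NULL list the same way free() accepts a NULL pointer, so the failed-mount path and the normal path share one cleanup call.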