Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 22 Mar 2014 11:49:45 +0000 (UTC)
From:      Kirk McKusick <mckusick@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r263630 - stable/9/sbin/fsck_ffs
Message-ID:  <201403221149.s2MBnjVK080807@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: mckusick
Date: Sat Mar 22 11:49:44 2014
New Revision: 263630
URL: http://svnweb.freebsd.org/changeset/base/263630

Log:
  MFC of 263062:
  
  Avoid segment fault when attempting to clean up cylinder group
  buffer cache.
  
  PR:             187221
  Submitted by:   Petr Lampa <lampa@fit.vutbr.cz>
  Obtained from:  Petr Lampa <lampa@fit.vutbr.cz>
  MFC after:      1 week
  
  MFC of 262488:
  
  Arguments for malloc and calloc should be size_t, not int.
  Use proper bounds check when trying to free cached memory.
  
  Spotted by: Xin Li
  Tested by:  Dmitry Sivachenko
  MFC after:  2 weeks

Modified:
  stable/9/sbin/fsck_ffs/fsck.h
  stable/9/sbin/fsck_ffs/fsutil.c
Directory Properties:
  stable/9/   (props changed)
  stable/9/sbin/   (props changed)
  stable/9/sbin/fsck_ffs/   (props changed)
  stable/9/sbin/ggate/   (props changed)

Modified: stable/9/sbin/fsck_ffs/fsck.h
==============================================================================
--- stable/9/sbin/fsck_ffs/fsck.h	Sat Mar 22 11:43:35 2014	(r263629)
+++ stable/9/sbin/fsck_ffs/fsck.h	Sat Mar 22 11:49:44 2014	(r263630)
@@ -366,7 +366,7 @@ int flushentry(void);
  * to get space.
  */
 static inline void*
-Malloc(int size)
+Malloc(size_t size)
 {
 	void *retval;
 
@@ -381,7 +381,7 @@ Malloc(int size)
  * to get space.
  */
 static inline void*
-Calloc(int cnt, int size)
+Calloc(size_t cnt, size_t size)
 {
 	void *retval;
 

Modified: stable/9/sbin/fsck_ffs/fsutil.c
==============================================================================
--- stable/9/sbin/fsck_ffs/fsutil.c	Sat Mar 22 11:43:35 2014	(r263629)
+++ stable/9/sbin/fsck_ffs/fsutil.c	Sat Mar 22 11:49:44 2014	(r263630)
@@ -205,7 +205,7 @@ cgget(int cg)
 	struct cg *cgp;
 
 	if (cgbufs == NULL) {
-		cgbufs = Calloc(sblock.fs_ncg, sizeof(struct bufarea));
+		cgbufs = calloc(sblock.fs_ncg, sizeof(struct bufarea));
 		if (cgbufs == NULL)
 			errx(EEXIT, "cannot allocate cylinder group buffers");
 	}
@@ -234,6 +234,8 @@ flushentry(void)
 {
 	struct bufarea *cgbp;
 
+	if (flushtries == sblock.fs_ncg || cgbufs == NULL)
+		return (0);
 	cgbp = &cgbufs[flushtries++];
 	if (cgbp->b_un.b_cg == NULL)
 		return (0);
@@ -414,13 +416,15 @@ ckfini(int markclean)
 	}
 	if (numbufs != cnt)
 		errx(EEXIT, "panic: lost %d buffers", numbufs - cnt);
-	for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
-		if (cgbufs[cnt].b_un.b_cg == NULL)
-			continue;
-		flush(fswritefd, &cgbufs[cnt]);
-		free(cgbufs[cnt].b_un.b_cg);
+	if (cgbufs != NULL) {
+		for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
+			if (cgbufs[cnt].b_un.b_cg == NULL)
+				continue;
+			flush(fswritefd, &cgbufs[cnt]);
+			free(cgbufs[cnt].b_un.b_cg);
+		}
+		free(cgbufs);
 	}
-	free(cgbufs);
 	pbp = pdirbp = (struct bufarea *)0;
 	if (cursnapshot == 0 && sblock.fs_clean != markclean) {
 		if ((sblock.fs_clean = markclean) != 0) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403221149.s2MBnjVK080807>