Date: Mon, 14 Jun 1999 16:50:26 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199906142350.QAA12993@apollo.backplane.com>
To: "David E. Cross"
Cc: crossd@cs.rpi.edu, freebsd-hackers@FreeBSD.ORG, schimken@cs.rpi.edu
Subject: Re: oops, here's the patch
References: <199906142007.QAA62362@wobble.cs.rpi.edu>

    Oh man that routine is complex!  I'm looking at it closely and I think
    you are right, except I think you may have introduced a minor bug in
    fixing the other bug.

    Here is the code and the last bit of your modification for reference:

        if (vap->va_size != -1) {
            error = nfsrv_access(vp, VWRITE, cred,
                (nd.ni_cnd.cn_flags & RDONLY), procp, 0);
            if (!error) {
                nqsrv_getl(vp, ND_WRITE);
                tempsize = vap->va_size;
                VATTR_NULL(vap);
                vap->va_size = tempsize;
                error = VOP_SETATTR(vp, vap, cred, procp);
            }
            if (error)
                vput(vp);
        }
        if (eexistdebug)
            vput(vp);           <<<<<<<<< your addition

    However, if the inside of the first conditional generates an error,
    the vp may be vput twice.  What I recommend is this for the last bit:

        if (vap->va_size != -1) {
            ...
            if (error) {
                vput(vp);
                vp = NULL;      <<<<<<< my addition
            }
        }
        if (eexistdebug && vp)  <<<<<<< also check vp != NULL
            vput(vp);

    It would be good if someone else could look over this routine and
    double-check David's find and his solution with my modification.  Have
    we handled all the cases?

    David, this is a great bug find!

                                        -Matt
                                        Matthew Dillon
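
The double-vput case discussed in the message above, as an added example that is not part of the original message or of the FreeBSD source: a user-space model in which the vnode is reduced to a reference count, run over every combination of the three conditions. struct model_vnode, model_vput() and tail_balance() are hypothetical names, and the eexist parameter stands in for eexistdebug.

```c
#include <stdio.h>
#include <stddef.h>

/* User-space model, not FreeBSD kernel code: the vnode is reduced to a
 * reference count. All names below are hypothetical. */
struct model_vnode { int refs; int over_release; };

/* Stand-in for vput(): drop one reference; count a release with none left. */
static void model_vput(struct model_vnode *vp)
{
    if (vp->refs > 0)
        vp->refs--;
    else
        vp->over_release++;
}

/* Net references after the tail: 1 = still held, 0 = released once,
 * -1 = released twice. guarded=0 is the first quoted tail, guarded=1 is
 * the recommended one (vp = NULL after the error vput, vp checked later). */
int tail_balance(int guarded, int size_set, int error, int eexist)
{
    struct model_vnode v = { 1, 0 };
    struct model_vnode *vp = &v;

    if (size_set) {                 /* models vap->va_size != -1 */
        if (error) {
            model_vput(vp);
            if (guarded)
                vp = NULL;          /* forget the released vnode */
        }
    }
    if (eexist && (!guarded || vp != NULL))
        model_vput(vp);
    return v.refs - v.over_release;
}

int main(void)
{
    /* Enumerate every combination of the three conditions. */
    for (int c = 0; c < 8; c++) {
        int s = (c >> 2) & 1, e = (c >> 1) & 1, x = c & 1;
        printf("size_set=%d error=%d eexist=%d  unguarded=%2d guarded=%2d\n",
               s, e, x, tail_balance(0, s, e, x), tail_balance(1, s, e, x));
    }
    return 0;
}
```

Only the row with all three conditions set differs between the two columns; that is the path on which the unguarded tail releases the vnode a second time.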