Date: Mon, 14 Jun 1999 16:50:26 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: "David E. Cross" <crossd@cs.rpi.edu>
Cc: crossd@cs.rpi.edu, freebsd-hackers@FreeBSD.ORG, schimken@cs.rpi.edu
Subject: Re: oops, here's the patch
Message-ID: <199906142350.QAA12993@apollo.backplane.com>
References: <199906142007.QAA62362@wobble.cs.rpi.edu>

Oh man that routine is complex! I'm looking at it closely and I think
you are right, except I think you may have introduced a minor bug in
fixing the other bug.

Here is the code and the last bit of your modification for reference:

    if (vap->va_size != -1) {
        error = nfsrv_access(vp, VWRITE, cred,
            (nd.ni_cnd.cn_flags & RDONLY), procp, 0);
        if (!error) {
            nqsrv_getl(vp, ND_WRITE);
            tempsize = vap->va_size;
            VATTR_NULL(vap);
            vap->va_size = tempsize;
            error = VOP_SETATTR(vp, vap, cred, procp);
        }
        if (error)
            vput(vp);
    }
    if (eexistdebug)
        vput(vp);               <<<<<<<<< your addition

However, if the inside of the first conditional generates an error, the
vp may be vput twice. What I recommend is this for the last bit:

    if (vap->va_size != -1) {
        ...
        if (error) {
            vput(vp);
            vp = NULL;          <<<<<<< my addition
        }
    }
    if (eexistdebug && vp)      <<<<<<< also check vp != NULL
        vput(vp);

It would be good if someone else could look over this routine and
double-check David's find and his solution with my modification. Have
we handled all the cases?

David, this is a great bug find!

                                        -Matt
                                        Matthew Dillon
                                        <dillon@backplane.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
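
The double-release case raised in the message above, reduced to a user-space model. This is an added example, not code from the FreeBSD tree or from either author. `mock_vnode`, `mock_vput` and the `tail_*` functions are hypothetical stand-ins, and the three flags stand for `vap->va_size != -1`, a non-zero `error`, and `eexistdebug`.

```c
#include <stdio.h>

/* Hypothetical stand-in for a vnode: only the reference count matters. */
struct mock_vnode { int refs; int over_released; };

/* Stand-in for vput(): drop one reference; flag a release when none was held. */
static void mock_vput(struct mock_vnode *vp)
{
    if (vp->refs-- == 0)
        vp->over_released = 1;
}

/* Tail as first patched: both branches can release the same vnode. */
static int tail_unguarded(int size_set, int error, int eexist)
{
    struct mock_vnode node = { 1, 0 }, *vp = &node;
    if (size_set && error)
        mock_vput(vp);
    if (eexist)
        mock_vput(vp);
    return node.over_released;
}

/* Tail with the guard from the message: clear vp after the error release. */
static int tail_guarded(int size_set, int error, int eexist)
{
    struct mock_vnode node = { 1, 0 }, *vp = &node;
    if (size_set && error) {
        mock_vput(vp);
        vp = NULL;
    }
    if (eexist && vp)
        mock_vput(vp);
    return node.over_released;
}

/* Count the flag combinations (out of 8) in which a tail over-releases. */
static int count_over_releases(int (*tail)(int, int, int))
{
    int n = 0;
    for (int bits = 0; bits < 8; bits++)
        n += tail(bits & 1, (bits >> 1) & 1, (bits >> 2) & 1);
    return n;
}

int main(void)
{
    printf("unguarded: %d, guarded: %d\n", count_over_releases(tail_unguarded), count_over_releases(tail_guarded));
    return 0;
}
```

Enumerating all eight flag combinations shows the unguarded tail over-releases in exactly one of them (size set, error, and `eexistdebug` together), which is why the path is easy to miss in testing.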