Date: Mon, 14 Jun 1999 16:50:26 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: "David E. Cross" <crossd@cs.rpi.edu> Cc: crossd@cs.rpi.edu, freebsd-hackers@FreeBSD.ORG, schimken@cs.rpi.edu Subject: Re: oops, here's the patch Message-ID: <199906142350.QAA12993@apollo.backplane.com> References: <199906142007.QAA62362@wobble.cs.rpi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh man that routine is complex! I'm looking at it closely
and I think you are right, except I think you may have
introduced a minor bug in fixing the other bug. Here is the code and
the last bit of your modification for reference:
if (vap->va_size != -1) {
error = nfsrv_access(vp, VWRITE, cred,
(nd.ni_cnd.cn_flags & RDONLY), procp, 0);
if (!error) {
nqsrv_getl(vp, ND_WRITE);
tempsize = vap->va_size;
VATTR_NULL(vap);
vap->va_size = tempsize;
error = VOP_SETATTR(vp, vap, cred,
procp);
}
if (error)
vput(vp);
}
if (eexistdebug) vput(vp); <<<<<<<<< your addition
However, if the inside of the first conditional generates an error, the vp
may be vput twice. What I recommend is this for the last bit:
if (vap->va_size != -1) {
...
if (error) {
vput(vp);
vp = NULL; <<<<<<< my addition
}
}
if (eexistdebug && vp) <<<<<<< also check vp != NULL
vput(vp);
It would be good if someone else could look over this routine and
double-check David's find and his solution with my modification. Have
we handled all the cases?
David, this is a great bug find!
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906142350.QAA12993>