From owner-freebsd-current Mon Sep 11 12:01:49 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id MAA28554 for current-outgoing; Mon, 11 Sep 1995 12:01:49 -0700
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA28548 for ; Mon, 11 Sep 1995 12:01:45 -0700
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id LAA20196 for current@freebsd.org; Mon, 11 Sep 1995 11:52:20 -0700
From: Terry Lambert
Message-Id: <199509111852.LAA20196@phaeton.artisoft.com>
Subject: BAD BUG IN UFS RENAME
To: current@freebsd.org
Date: Mon, 11 Sep 1995 11:52:20 -0700 (MST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 652
Sender: current-owner@freebsd.org
Precedence: bulk

Well, I've discovered some very interesting brain damage.

In the case of an attempted cross-device rename, both NAMEI buffers are
freed twice.

In the case of a rename of a->b where a + b have the same inode numbers
but not the same name, the from buffer is freed twice.

I'm about to engage in a cleanup of this very code; I'm just reporting
the problem to note the justification of the cleanup.

The code of interest for this bungle is in:

	kern/vfs_syscalls.c (rename)
	ufs/ufs/ufs_vnops.c (ufs_rename)

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.