Date: Mon, 11 Sep 1995 13:11:36 -0700 From: David Greenman <davidg@Root.COM> To: Terry Lambert <terry@lambert.org> Cc: current@freebsd.org, mckusick@mckusick.com Subject: Re: BAD BUG IN UFS RENAME Message-ID: <199509112011.NAA03186@corbin.Root.COM> In-Reply-To: Your message of "Mon, 11 Sep 95 11:52:20 PDT." <199509111852.LAA20196@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Well, I've discovered some very interesting brain damage. > >In the case of an attemped cross-device rename, both NAMEI buffers are >freed twice. Yes, I think I see this - the VOP_ABORTOP's on both cn buffers, followed by the explicit free's in rename()? >In the case of a rename of a->b where a + b have the same inode numbers >but not the same name, the, the from buffer is freed twice. Hmmm, I think I see it free the *to* buffer twice, but I don't see what you're seeing regarding the *from* buffer. Also, in rename(), the case where the file has the same name, too, will cause *both* buffers to be freed twice - note the two VOP_ABORTOP's followed by the explicit frees. Lite2 has the same bugs. -DG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509112011.NAA03186>