From owner-freebsd-current  Mon Sep 11 13:10:48 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id NAA00519
          for current-outgoing; Mon, 11 Sep 1995 13:10:48 -0700
Received: from Root.COM (implode.Root.COM [198.145.90.17])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id NAA00513
          for <current@freebsd.org>; Mon, 11 Sep 1995 13:10:42 -0700
Received: from corbin.Root.COM (corbin [198.145.90.34]) by Root.COM (8.6.12/8.6.5) with ESMTP id NAA07191; Mon, 11 Sep 1995 13:09:22 -0700
Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id NAA03186; Mon, 11 Sep 1995 13:11:37 -0700
Message-Id: <199509112011.NAA03186@corbin.Root.COM>
To: Terry Lambert <terry@lambert.org>
cc: current@freebsd.org, mckusick@mckusick.com
Subject: Re: BAD BUG IN UFS RENAME 
In-reply-to: Your message of "Mon, 11 Sep 95 11:52:20 PDT."
             <199509111852.LAA20196@phaeton.artisoft.com> 
From: David Greenman <davidg@Root.COM>
Reply-To: davidg@Root.COM
Date: Mon, 11 Sep 1995 13:11:36 -0700
Sender: current-owner@freebsd.org
Precedence: bulk

>Well, I've discovered some very interesting brain damage.
>
>In the case of an attemped cross-device rename, both NAMEI buffers are
>freed twice.

   Yes, I think I see this - the VOP_ABORTOP's on both cn buffers, followed by
the explicit free's in rename()?

>In the case of a rename of a->b where a + b have the same inode numbers
>but not the same name, the, the from buffer is freed twice.

   Hmmm, I think I see it free the *to* buffer twice, but I don't see what
you're seeing regarding the *from* buffer.
   Also, in rename(), the case where the file has the same name, too, will
cause *both* buffers to be freed twice - note the two VOP_ABORTOP's followed
by the explicit frees.
   Lite2 has the same bugs.

-DG