Date:      Wed, 21 Feb 2018 20:32:23 +0000 (UTC)
From:      Kirk McKusick <mckusick@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r329749 - head/sbin/fsck_ffs
Message-ID:  <201802212032.w1LKWNon087000@repo.freebsd.org>

Author: mckusick
Date: Wed Feb 21 20:32:23 2018
New Revision: 329749
URL: https://svnweb.freebsd.org/changeset/base/329749

Log:
  Fix a read past the end of a buffer in fsck.
  
  To minimize the time spent scanning all of the directories in pass 2
  (Check Pathnames), fsck uses a search order based on the location
  of their first block. Zero length directories have no first block,
  so the array being used to hold the block numbers of directory
  inodes was of zero length. Thus a lookup was done past the end of
  the array getting at best a random value and at worst a segment
  fault.  For zero length directories, this change allocates a one
  element block array and initializes it to zero. The effect is that
  all zero length directories are handled first in pass 2.
  
  Reviewed by: brooks
  Differential Revision: https://reviews.freebsd.org/D14163

Modified:
  head/sbin/fsck_ffs/inode.c

Modified: head/sbin/fsck_ffs/inode.c
==============================================================================
--- head/sbin/fsck_ffs/inode.c	Wed Feb 21 20:17:08 2018	(r329748)
+++ head/sbin/fsck_ffs/inode.c	Wed Feb 21 20:32:23 2018	(r329749)
@@ -453,8 +453,10 @@ cacheino(union dinode *dp, ino_t inumber)
 
 	if (howmany(DIP(dp, di_size), sblock.fs_bsize) > UFS_NDADDR)
 		blks = UFS_NDADDR + UFS_NIADDR;
-	else
+	else if (DIP(dp, di_size) > 0)
 		blks = howmany(DIP(dp, di_size), sblock.fs_bsize);
+	else
+		blks = 1;
 	inp = (struct inoinfo *)
 		Malloc(sizeof(*inp) + (blks - 1) * sizeof(ufs2_daddr_t));
 	if (inp == NULL)
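Review bot: The new final `else` branch (`blks = 1;`) carries no comment explaining why a zero-length directory gets a one-element block array. The reason is only in the commit log, so a short comment above that branch would help, for example noting that pass 2 sorts on the first block number and a zero-length directory needs one zeroed slot. Without it, a later cleanup could fold the branch back into the `howmany()` case, which evaluates to 0 for a zero size and makes `(blks - 1)` in the `Malloc` size expression negative again. The log also says the element is initialized to zero, but that assignment is not in this hunk, so it is worth confirming that the code after the allocation writes the single slot when `DIP(dp, di_size)` is 0 rather than leaving whatever `Malloc` returned.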


