From owner-freebsd-bugs Tue Jun 2 00:30:35 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA05837 for freebsd-bugs-outgoing; Tue, 2 Jun 1998 00:30:35 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA05826 for ; Tue, 2 Jun 1998 00:30:32 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id AAA14761; Tue, 2 Jun 1998 00:30:02 -0700 (PDT)
Date: Tue, 2 Jun 1998 00:30:02 -0700 (PDT)
Message-Id: <199806020730.AAA14761@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: Bruce Evans
Subject: Re: kern/6820: cd9660_mount NULL pointer deref for no CDROM drive
Reply-To: Bruce Evans
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/6820; it has been noted by GNATS.

From: Bruce Evans
To: dufault@hda.com, FreeBSD-gnats-submit@FreeBSD.ORG
Cc:
Subject: Re: kern/6820: cd9660_mount NULL pointer deref for no CDROM drive
Date: Tue, 2 Jun 1998 17:22:57 +1000

>I tried to mount a CD on my crash box. Unfortunately I don't have a
>CDROM drive there. cd9660_mount crashes with a NULL pointer dereference
>of bdevsw[major(devvp->v_rdev)]:
>
>>	if ((mp->mnt_flag & MNT_UPDATE) == 0) {
>>		if (bdevsw[major(devvp->v_rdev)]->d_flags & D_NOCLUSTERR)
>>			mp->mnt_flag |= MNT_NOCLUSTERR;
>>		error = iso_mountfs(devvp, mp, p, &args);
>>	} else {
>
>This may have been added in 1.29 in the CLUSTERRING commit.

ffs has the same bug. The device node exists but not the device. It
doesn't help that mount() would later return ENXIO, since the devsw is
accessed before the device is opened.

This bug is often masked by sloppy initialization using SYSINIT(). The
devsw entries get initialized although no device is present.

Bruce
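
Added example, not part of the original message or the FreeBSD source: a user-space C model of the lookup discussed above, in which the devsw slot is checked before d_flags is read, so a device node with no driver behind it yields ENXIO instead of a NULL dereference. The table size, struct layouts, flag values and the helper devsw_lookup() are assumptions made for illustration; this is one possible check, not the fix the project committed.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed user-space model. Names echo the quoted snippet, but the
 * types, table size and flag values are simplified assumptions. */
#define NUMBDEV        8
#define D_NOCLUSTERR   0x1
#define MNT_UPDATE     0x1
#define MNT_NOCLUSTERR 0x2

struct bdevsw_model { int d_flags; };
struct mount_model  { int mnt_flag; };

static struct bdevsw_model cd_sw = { D_NOCLUSTERR };

/* Only major 6 has a driver registered; every other slot is NULL, which
 * is the "device node exists but not the device" case from the report. */
static struct bdevsw_model *bdevsw_tab[NUMBDEV] = { [6] = &cd_sw };

/* Hypothetical helper: bounds-check the major number and reject an empty
 * slot before the caller is handed a pointer it will dereference. */
static int
devsw_lookup(unsigned maj, struct bdevsw_model **out)
{
	if (maj >= NUMBDEV || bdevsw_tab[maj] == NULL)
		return ENXIO;
	*out = bdevsw_tab[maj];
	return 0;
}

/* Model of the mount path: the d_flags test runs only after the lookup
 * has succeeded. The quoted code reads d_flags unconditionally. */
static int
mount_model_checked(struct mount_model *mp, unsigned maj)
{
	struct bdevsw_model *sw;
	int error;

	if ((mp->mnt_flag & MNT_UPDATE) == 0) {
		if ((error = devsw_lookup(maj, &sw)) != 0)
			return error;	/* fail before touching mnt_flag */
		if (sw->d_flags & D_NOCLUSTERR)
			mp->mnt_flag |= MNT_NOCLUSTERR;
	}
	return 0;
}
```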