From owner-svn-src-all@freebsd.org Wed Feb 21 20:32:23 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F831F27C13; Wed, 21 Feb 2018 20:32:23 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 51A6E71534; Wed, 21 Feb 2018 20:32:23 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4C8B91D6D7; Wed, 21 Feb 2018 20:32:23 +0000 (UTC) (envelope-from mckusick@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1LKWNrk087001; Wed, 21 Feb 2018 20:32:23 GMT (envelope-from mckusick@FreeBSD.org) Received: (from mckusick@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1LKWNon087000; Wed, 21 Feb 2018 20:32:23 GMT (envelope-from mckusick@FreeBSD.org) Message-Id: <201802212032.w1LKWNon087000@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mckusick set sender to mckusick@FreeBSD.org using -f From: Kirk McKusick Date: Wed, 21 Feb 2018 20:32:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r329749 - head/sbin/fsck_ffs X-SVN-Group: head X-SVN-Commit-Author: mckusick X-SVN-Commit-Paths: head/sbin/fsck_ffs X-SVN-Commit-Revision: 329749 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 20:32:23 -0000 Author: mckusick Date: Wed Feb 21 20:32:23 2018 New Revision: 329749 URL: https://svnweb.freebsd.org/changeset/base/329749 Log: Fix a read past the end of a buffer in fsck. To minimize the time spent scanning all of the directories in pass 2 (Check Pathnames), fsck uses a search order based on the location of their first block. Zero length directories have no first block, so the array being used to hold the block numbers of directory inodes was of zero length. Thus a lookup was done past the end of the array getting at best a random value and at worst a segment fault. For zero length directories, this change allocates a one element block array and initializes it to zero. The effect is that all zero length directories are handled first in pass 2. Reviewed by: brooks Differential Revision: https://reviews.freebsd.org/D14163 Modified: head/sbin/fsck_ffs/inode.c Modified: head/sbin/fsck_ffs/inode.c ============================================================================== --- head/sbin/fsck_ffs/inode.c Wed Feb 21 20:17:08 2018 (r329748) +++ head/sbin/fsck_ffs/inode.c Wed Feb 21 20:32:23 2018 (r329749) @@ -453,8 +453,10 @@ cacheino(union dinode *dp, ino_t inumber) if (howmany(DIP(dp, di_size), sblock.fs_bsize) > UFS_NDADDR) blks = UFS_NDADDR + UFS_NIADDR; - else + else if (DIP(dp, di_size) > 0) blks = howmany(DIP(dp, di_size), sblock.fs_bsize); + else + blks = 1; inp = (struct inoinfo *) Malloc(sizeof(*inp) + (blks - 1) * sizeof(ufs2_daddr_t)); if (inp == NULL)