Date: Mon, 08 May 2023 09:45:10 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 271312] inum > maxino should probably be inum >= maxino in fsck_ffs Message-ID: <bug-271312-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271312 Bug ID: 271312 Summary: inum > maxino should probably be inum >=3D maxino in fsck_ffs Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: rtm@lcs.mit.edu Created attachment 242053 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D242053&action= =3Dedit broken file system image that causes fsck to crash due to off-by-one maxino check fsck_ffs has some checks for an out-of-range i-number that say "... > maxino" which I think should be >=3D. One consequence is that inoinfo() in fsutil.c can index beyond the end of inostathead[]: if (inum > maxino) errx(EEXIT, "inoinfo: inumber %ju out of range", (uintmax_t)inum); ilp =3D &inostathead[inum / sblock.fs_ipg]; A backtrace from fsck_ffs -y on the attached file-system image: Program received signal SIGBUS, Bus error. Object-specific hardware error. 0x000000000021f051 in pass2check (idesc=3D0x7fffffffe7b8) at pass2.c:486 486 switch (inoinfo(dirp->d_ino)->ino_state) { (gdb) where #0 0x000000000021f051 in pass2check (idesc=3D0x7fffffffe7b8) at pass2.c:486 #1 0x00000000002093e7 in dirscan (idesc=3D0x7fffffffe7b8) at dir.c:211 #2 0x000000000021318b in ckinode (dp=3D0x7fffffffe6b8, idesc=3D0x7fffffffe= 7b8) at inode.c:126 #3 0x000000000021e130 in pass2 () at pass2.c:202 #4 0x0000000000219a7d in checkfilesys (filesys=3D0x7fffffffed79 "junk") at main.c:468 #5 0x0000000000218f42 in main (argc=3D1, argv=3D0x7fffffffea28) at main.c:= 210 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271312-227>