From owner-freebsd-bugs Tue May 26 07:25:27 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA02165 for freebsd-bugs-outgoing; Tue, 26 May 1998 07:25:27 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA02146 for ; Tue, 26 May 1998 07:25:24 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id HAA06696; Tue, 26 May 1998 07:20:02 -0700 (PDT)
Received: from tim.xenologics.com (tim.xenologics.com [194.77.5.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA01599 for ; Tue, 26 May 1998 07:20:55 -0700 (PDT) (envelope-from seggers@semyam.dinoco.de)
Received: (from uucp@localhost) by tim.xenologics.com (8.8.5/8.8.8) with UUCP id QAA28624 for FreeBSD-gnats-submit@freebsd.org; Tue, 26 May 1998 16:17:30 +0200 (MET DST)
Received: (from seggers@localhost) by semyam.dinoco.de (8.8.8/8.8.8) id LAA09390; Tue, 26 May 1998 11:09:57 +0200 (CEST) (envelope-from seggers)
Message-Id: <199805260909.LAA09390@semyam.dinoco.de>
Date: Tue, 26 May 1998 11:09:57 +0200 (CEST)
From: Stefan Eggers
Reply-To: seggers@semyam.dinoco.de
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: seggers@semyam.dinoco.de
X-Send-Pr-Version: 3.2
Subject: misc/6759: buggy code in libdisk.a's disk.c
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         6759
>Category:       misc
>Synopsis:       buggy code in libdisk.a's disk.c
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 26 07:20:01 PDT 1998
>Last-Modified:
>Originator:     Stefan Eggers
>Organization:   none
>Release:        FreeBSD 2.2.6-STABLE i386
>Environment:

	The FreeBSD 2.2-stable sources.

>Description:

	The file /usr/src/lib/libdisk/disk.c contains a confusing loop
	which seems not to do what it is expected to do.  It is this one:

	p = read_block(fd,0);
	dp = (struct dos_partition*)(p+DOSPARTOFF);
	for(i=0;i<NDOSPART;i++) {
		if (dp->dp_start >= size) continue;
		if (dp->dp_start+dp->dp_size >= size) continue;
		if (!dp->dp_size) continue;

		if (dp->dp_typ == DOSPTYP_ONTRACK) {
			d->flags |= DISK_ON_TRACK;
			offset = 63;
		}
	}

	This loop just increments i, but besides setting d->flags and
	offset if the structure pointed to by dp contains DOSPTYP_ONTRACK
	in dp_typ, it does nothing.  It just works on the same entry
	NDOSPART times, which can't be right.

	My guess is dp should either have been used as an array with i as
	index or should have been incremented after each iteration.
	Anyway, something is wrong here.

>How-To-Repeat:

	Take a look at FreeBSD 2.2-release libdisk in file disk.c at
	about line 100.

>Fix:
>Audit-Trail:
>Unformatted:
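
The behaviour the report describes, as an added example (not FreeBSD's libdisk code and not part of the PR): the same checks are run over a constructed boot sector, once with dp fixed on the first slot as in the quoted loop and once indexing the table with i as the submitter guesses. The struct layout, the constant values, scan_ontrack(), make_sample() and the sample sector are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values; the PR names these constants but does not list them. */
#define DOSPARTOFF      446
#define NDOSPART        4
#define DOSPTYP_ONTRACK 0x54

/* Simplified 16-byte partition slot (stand-in for struct dos_partition). */
struct dos_partition {
    uint8_t  dp_flag, dp_shd, dp_ssect, dp_scyl;
    uint8_t  dp_typ,  dp_ehd, dp_esect, dp_ecyl;
    uint32_t dp_start, dp_size;
};

/* advance == 0 reproduces the loop quoted in the PR: the same entry is
 * tested NDOSPART times. advance == 1 indexes the table with i. */
int scan_ontrack(const uint8_t *p, uint32_t size, int advance)
{
    struct dos_partition tab[NDOSPART];
    int i, found = 0;

    memcpy(tab, p + DOSPARTOFF, sizeof tab);  /* aligned copy of the 4 slots */
    for (i = 0; i < NDOSPART; i++) {
        const struct dos_partition *dp = advance ? &tab[i] : &tab[0];
        if (dp->dp_start >= size) continue;
        if (dp->dp_start + dp->dp_size >= size) continue;
        if (!dp->dp_size) continue;
        if (dp->dp_typ == DOSPTYP_ONTRACK) found = 1;
    }
    return found;
}

/* Constructed sector: slot 0 empty, slot 1 carries the OnTrack type. */
void make_sample(uint8_t sector[512])
{
    struct dos_partition tab[NDOSPART];
    memset(sector, 0, 512);
    memset(tab, 0, sizeof tab);
    tab[1].dp_typ = DOSPTYP_ONTRACK; tab[1].dp_start = 1; tab[1].dp_size = 62;
    memcpy(sector + DOSPARTOFF, tab, sizeof tab);
}

int main(void)
{
    uint8_t sector[512];
    make_sample(sector);
    printf("as reported: %d, indexed: %d\n",
           scan_ontrack(sector, 1000, 0), scan_ontrack(sector, 1000, 1));
    return 0;
}
```

With the OnTrack entry anywhere but the first slot, the loop as reported never sees it; if it sits in the first slot both variants agree, which is how such a loop can pass casual testing.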