Date: Tue, 26 May 1998 11:09:57 +0200 (CEST) From: Stefan Eggers <seggers@semyam.dinoco.de> To: FreeBSD-gnats-submit@FreeBSD.ORG Cc: seggers@semyam.dinoco.de Subject: misc/6759: buggy code in libdisk.a's disk.c Message-ID: <199805260909.LAA09390@semyam.dinoco.de>
next in thread | raw e-mail | index | archive | help
>Number: 6759
>Category: misc
>Synopsis: buggy code in libdisk.a's disk.c
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 26 07:20:01 PDT 1998
>Last-Modified:
>Originator: Stefan Eggers
>Organization:
none
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
The FreeBSD 2.2-stable sources.
>Description:
The file /usr/src/lib/libdisk/disk.c contains a confusing loop
which seems not to do what it is expected to do. It is this one:
p = read_block(fd,0);
dp = (struct dos_partition*)(p+DOSPARTOFF);
for(i=0;i<NDOSPART;i++) {
if (dp->dp_start >= size) continue;
if (dp->dp_start+dp->dp_size >= size) continue;
if (!dp->dp_size) continue;
if (dp->dp_typ == DOSPTYP_ONTRACK) {
d->flags |= DISK_ON_TRACK;
offset = 63;
}
}
This loop just increments i but besides setting d->flags and
offset if the structure pointed to by dp contains DOSPTYP_ONTRACK in
dp_typ it does nothing. It just works on the same entry NDOSPART
times which can't be right.
My guess is dp should have either be used as array with i as
index or should have been incremented after each iteration. Anyway,
something is wrong here.
>How-To-Repeat:
Take a look at FreeBSD 2.2-release libdisk in file disk.c at
about line 100.
>Fix:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805260909.LAA09390>