From owner-freebsd-current Sat Dec 23 23:08:25 1995
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA07657 for current-outgoing; Sat, 23 Dec 1995 23:08:25 -0800 (PST)
Received: from marble.eps.nagoya-u.ac.jp (marble.eps.nagoya-u.ac.jp [133.6.57.68]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id XAA07646 for ; Sat, 23 Dec 1995 23:08:22 -0800 (PST)
Received: from marble.eps.nagoya-u.ac.jp (localhost [127.0.0.1]) by marble.eps.nagoya-u.ac.jp (8.7.1+2.6Wbeta4/3.3W9) with ESMTP id QAA00452 for ; Sun, 24 Dec 1995 16:08:19 +0900 (JST)
Message-Id: <199512240708.QAA00452@marble.eps.nagoya-u.ac.jp>
To: current@freebsd.org
Subject: return value of ffs_blkpref()
X-Mailer: Mew beta version 0.96 on Emacs 19.28.1, Mule 2.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Sun, 24 Dec 1995 16:08:18 +0900
From: KATO Takenori
Sender: owner-current@freebsd.org
Precedence: bulk

The return value of ffs_blkpref() is checked in most cases like

    if (pref >= fs->fs_size)
        pref = 0;

to avoid miserable destruction of the file system (cf. ffs_alloc() function).

However, the value set in ffs_reallocblks() has never been checked. In this function, the value is set by

[line 397 in ffs_alloc.c]
    pref = ffs_blkpref(ip, start_lbn, soff, sbap);

Then, the pref variable is used by

[line 416 in ffs_alloc.c]
    if ((newblk = (daddr_t)ffs_hashalloc(ip, dtog(fs, pref), (long)pref,
        len, ffs_clusteralloc)) == 0)

The ffs_hashalloc function calls ffs_clusteralloc() at

[line 704 in ffs_alloc.c]
    result = (*allocator)(ip, cg, pref, size);

But ffs_clusteralloc doesn't check whether pref is correct or not.

Why doesn't this function test pref though other functions do? I think this may clobber the file system when pref points to a non-existent block in the last cylinder group.

----
KATO Takenori
Dept. Earth Planet. Sci. Nagoya Univ.
Nagoya 464-01
Voice: +81-52-789-2529
E-mail: kato@eclogite.eps.nagoya-u.ac.jp
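
Added example, not part of the original message and not FreeBSD code: a simplified C model of the concern raised above, in which a preference past the end of the file system still maps to the last cylinder group, so a search that trusts it can hand back a block that does not exist. The toyfs struct, toy_dtog, sanitize_pref, toy_clusteralloc and the sample sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model with hypothetical names; this is not FreeBSD's struct fs. */
struct toyfs { long fs_size, fs_fpg, fs_ncg; }; /* blocks, blocks/group, groups */

/* Constructed sample: 100 blocks, so the last group (3) holds only 96..99. */
static const struct toyfs demo_fs = { 100, 32, 4 };
static unsigned char demo_map[4 * 32];          /* 1 = in use, 0 = free */

static long toy_dtog(const struct toyfs *fs, long blk) { return blk / fs->fs_fpg; }

/* First block of a free run of len blocks in [from, end), or -1. */
static long scan(const unsigned char *map, long from, long end, int len)
{
    long run = 0;
    for (long b = from; b < end; b++) {
        run = map[b] ? 0 : run + 1;
        if (run == len)
            return b - len + 1;
    }
    return -1;
}

/* The guard quoted in the message, applied before pref is used. */
static long sanitize_pref(const struct toyfs *fs, long pref)
{
    return (pref < 0 || pref >= fs->fs_size) ? 0 : pref;
}

/* Cluster search from pref to the end of its group; checked != 0 adds the
 * guard and stops at the last block that really exists. */
static long toy_clusteralloc(const struct toyfs *fs, const unsigned char *map,
                             long pref, int len, int checked)
{
    if (checked)
        pref = sanitize_pref(fs, pref);
    long end = (toy_dtog(fs, pref) + 1) * fs->fs_fpg;
    if (checked && end > fs->fs_size)
        end = fs->fs_size;
    return scan(map, pref, end, len);
}

/* Run the sample: blocks 0..7 in use, pref 110 lies past fs_size. */
static long demo(int checked)
{
    memset(demo_map, 0, sizeof demo_map);
    memset(demo_map, 1, 8);
    return toy_clusteralloc(&demo_fs, demo_map, 110, 4, checked);
}

int main(void) { printf("unchecked: %ld  checked: %ld\n", demo(0), demo(1)); return 0; }
```

In the model the unchecked path returns a block number at or beyond fs_size, while the checked path falls back to preference 0 and allocates inside group 0.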