Date: Tue, 23 Aug 2016 07:51:01 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r304667 - stable/10/sys/ufs/ffs Message-ID: <201608230751.u7N7p1ME058205@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Tue Aug 23 07:51:00 2016 New Revision: 304667 URL: https://svnweb.freebsd.org/changeset/base/304667 Log: MFC r304227: In ffs_balloc_ufs{1,2} routines, assert that unwind records do not overflow local arrays. Modified: stable/10/sys/ufs/ffs/ffs_balloc.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/ufs/ffs/ffs_balloc.c ============================================================================== --- stable/10/sys/ufs/ffs/ffs_balloc.c Tue Aug 23 07:32:12 2016 (r304666) +++ stable/10/sys/ufs/ffs/ffs_balloc.c Tue Aug 23 07:51:00 2016 (r304667) @@ -255,6 +255,8 @@ ffs_balloc_ufs1(struct vnode *vp, off_t } pref = newb + fs->fs_frag; nb = newb; + MPASS(allocblk < allociblk + nitems(allociblk)); + MPASS(lbns_remfree < lbns + nitems(lbns)); *allocblk++ = nb; *lbns_remfree++ = indirs[1].in_lbn; bp = getblk(vp, indirs[1].in_lbn, fs->fs_bsize, 0, 0, gbflags); @@ -325,6 +327,8 @@ retry: } pref = newb + fs->fs_frag; nb = newb; + MPASS(allocblk < allociblk + nitems(allociblk)); + MPASS(lbns_remfree < lbns + nitems(lbns)); *allocblk++ = nb; *lbns_remfree++ = indirs[i].in_lbn; nbp = getblk(vp, indirs[i].in_lbn, fs->fs_bsize, 0, 0, 0); @@ -401,6 +405,8 @@ retry: goto fail; } nb = newb; + MPASS(allocblk < allociblk + nitems(allociblk)); + MPASS(lbns_remfree < lbns + nitems(lbns)); *allocblk++ = nb; *lbns_remfree++ = lbn; nbp = getblk(vp, lbn, fs->fs_bsize, 0, 0, gbflags); @@ -818,6 +824,8 @@ ffs_balloc_ufs2(struct vnode *vp, off_t } pref = newb + fs->fs_frag; nb = newb; + MPASS(allocblk < allociblk + nitems(allociblk)); + MPASS(lbns_remfree < lbns + nitems(lbns)); *allocblk++ = nb; *lbns_remfree++ = indirs[1].in_lbn; bp = getblk(vp, indirs[1].in_lbn, fs->fs_bsize, 0, 0, @@ -889,6 +897,8 @@ retry: } pref = newb + fs->fs_frag; nb = newb; + MPASS(allocblk < allociblk + nitems(allociblk)); + MPASS(lbns_remfree < lbns + nitems(lbns)); *allocblk++ = nb; *lbns_remfree++ = indirs[i].in_lbn; nbp = getblk(vp, indirs[i].in_lbn, fs->fs_bsize, 0, 0, @@ -966,6 +976,8 @@ retry: goto fail; } nb = newb; + MPASS(allocblk < allociblk + nitems(allociblk)); + MPASS(lbns_remfree < lbns + nitems(lbns)); *allocblk++ = nb; *lbns_remfree++ = lbn; nbp = getblk(vp, lbn, fs->fs_bsize, 0, 0, gbflags);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608230751.u7N7p1ME058205>