Date: Mon, 22 Jan 2007 17:10:46 GMT From: Yuichiro Goto<y7goto@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/108215: bug in fsread in sys/boot/common/ufsread.c Message-ID: <200701221710.l0MHAkYh025209@www.freebsd.org> Resent-Message-ID: <200701221720.l0MHKMxA070881@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 108215
>Category: misc
>Synopsis: bug in fsread in sys/boot/common/ufsread.c
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 22 17:20:22 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Yuichiro Goto
>Release: FreeBSD 6.2-RELEASE i386
>Organization:
>Environment:
FreeBSD cobalt.my.domain 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Thu Jan 18 10:10:43 JST 2007 root@cobalt.my.domain:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Incorrect calculation of a virtual block address within the single indirect block causes corruption of a large file.
>How-To-Repeat:
Read a large file. On my system, a file that is larger than 16384 * (512 + 12) bytes on a filesystem (UFS2) with bsize = 16384 is corrupted.
>Fix:
See the attached diff.
Patch attached with submission follows:
Index: ufsread.c
===================================================================
RCS file: /home/ncvs/src/sys/boot/common/ufsread.c,v
retrieving revision 1.14
diff -u -r1.14 ufsread.c
--- ufsread.c 30 Jan 2005 14:58:00 -0000 1.14
+++ ufsread.c 22 Jan 2007 16:43:32 -0000
@@ -249,7 +249,7 @@
} else if (lbn < NDADDR + NINDIR(fs)) {
n = INDIRPERVBLK(fs);
addr = DIP(di_ib[0]);
- u = (u_int)(lbn - NDADDR) / (n * DBPERVBLK);
+ u = (u_int)(lbn - NDADDR) / n * DBPERVBLK;
vbaddr = fsbtodb(fs, addr) + u;
if (indmap != vbaddr) {
if (dskread(indbuf, vbaddr, DBPERVBLK))
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701221710.l0MHAkYh025209>