From: Theodore Tso <tytso@mit.edu>
To: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: cmm@us.ibm.com, sandeen@redhat.com, linux-ext4@vger.kernel.org,
	alex@clusterfs.com, adilger@sun.com
Subject: Re: [PATCH] ext4: Fix use of uninitialized data
Date: Sun, 1 Jun 2008 20:08:42 -0400
Message-ID: <20080602000842.GA24339@mit.edu>
In-Reply-To: <1210790832-20680-2-git-send-email-aneesh.kumar@linux.vnet.ibm.com>

On Thu, May 15, 2008 at 12:17:11AM +0530, Aneesh Kumar K.V wrote:
> @@ -3134,8 +3135,7 @@ static void ext4_mb_use_inode_pa(struct ext4_allocation_context *ac,
>  static void ext4_mb_use_group_pa(struct ext4_allocation_context *ac,
>  				struct ext4_prealloc_space *pa)
>  {
> -	unsigned len = ac->ac_o_ex.fe_len;
> -
> +	unsigned int len = ac->ac_o_ex.fe_len;
>  	ext4_get_group_no_and_offset(ac->ac_sb, pa->pa_pstart,
>  					&ac->ac_b_ex.fe_group,
>  					&ac->ac_b_ex.fe_start);
> -- 
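Review bot: the declaration at the top of ext4_mb_use_group_pa() loses the blank line that separated it from the ext4_get_group_no_and_offset() call; keep a blank line after the declaration. The `unsigned` to `unsigned int` spelling change does not alter the type, so it belongs in a separate cleanup patch rather than one whose subject is an uninitialized-data fix.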

This change had nothing to do with fixing the use of uninitialized data,
but when I started looking more closely, it raised a potential signed
vs. unsigned issue: ac_o_ex is a struct ext4_free_extent, and fe_len
is an int.

So here we are assigning an int to an unsigned int.  Later, len is
assigned to ac_b_ex.len, which means assigning an unsigned int to an
int.  In other places, fe_len (an int) is compared against pa_free
(which is an unsigned short), and fe_len gets assigned to pa_free, once
again mixing signed and unsigned.

Can someone who is really familiar with this code check this out?  I
think the following pseudo-patch to mballoc.h might be in order:

 struct ext4_free_extent {
 	ext4_lblk_t fe_logical;
 	ext4_grpblk_t fe_start;
 	ext4_group_t fe_group;
-	int fe_len;
+	unsigned int fe_len;
 };
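Review bot: making fe_len an unsigned int in struct ext4_free_extent removes the sign mismatch with len but leaves the width mismatch with pa_free, which the message describes as an unsigned short, so stores from fe_len into pa_free can still truncate. Before applying this, audit every user of fe_len for checks that depend on it being negative (for example a subtraction result tested with `< 0`), since those would become always-false with the unsigned type.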


						- Ted
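
The signed/unsigned mixing described in this message, as an added example that is not part of the original mail or the ext4 source: the helpers below (hypothetical names, with parameters named after fe_len, len and pa_free) show how one value compares and stores differently once signedness or width changes, and what a range-checked store looks like. It assumes a 32-bit int and a 16-bit unsigned short.

```c
#include <limits.h>
#include <stdio.h>

/* Stand-ins for the types named in the message (assumed widths:
 * 32-bit int, 16-bit unsigned short). Helper names are hypothetical. */

/* fe_len as int: pa_free is promoted to int, so the compare is signed
 * and a negative length passes as "fits in the preallocation". */
int fits_signed(int fe_len, unsigned short pa_free)
{
	return fe_len <= pa_free;
}

/* Same check after the value has gone through "unsigned int len":
 * a negative length is now a huge value and is rejected. */
int fits_unsigned(int fe_len, unsigned short pa_free)
{
	unsigned int len = (unsigned int)fe_len;
	return len <= pa_free;
}

/* Storing a length into a pa_free-sized field keeps only the low 16 bits. */
unsigned short store_pa_free(int fe_len)
{
	return (unsigned short)fe_len;
}

/* Range-checked store: refuse anything the narrower field cannot hold. */
int store_pa_free_checked(int fe_len, unsigned short *pa_free)
{
	if (fe_len < 0 || fe_len > USHRT_MAX)
		return -1;
	*pa_free = (unsigned short)fe_len;
	return 0;
}

int main(void)
{
	unsigned short pa_free = 0;
	int rc;

	printf("fits_signed(-1, 10)   = %d\n", fits_signed(-1, 10));
	printf("fits_unsigned(-1, 10) = %d\n", fits_unsigned(-1, 10));
	printf("store_pa_free(65541)  = %u\n", (unsigned)store_pa_free(65541));
	rc = store_pa_free_checked(65541, &pa_free);
	printf("checked store of 65541: rc=%d\n", rc);
	return 0;
}
```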
