From: Stefan Seyfried <seife@suse.de>
To: linux-mtd@lists.infradead.org
Subject: Re: mkfs.jffs2 aborts with MALLOC_CHECK_=2 on x86_64
Date: Sun, 8 Mar 2009 17:46:10 +0100	[thread overview]
Message-ID: <20090308164610.GA25396@suse.de> (raw)
In-Reply-To: <49710071.3000504@suse.de>

On Fri, Jan 16, 2009 at 10:47:29PM +0100, Stefan Seyfried wrote:
> Hi,
> 
> current mtd-utils' mkfs.jffs2 aborts on me:
> seife@stoetzler:~> /dev/shm/mtd-utils/mkfs.jffs2 -L
> mkfs.jffs2:
>        lzo priority:80 disabled
>       zlib priority:60 enabled
>      rtime priority:50 enabled
> 
> seife@stoetzler:~> MALLOC_CHECK_=2 /dev/shm/mtd-utils/mkfs.jffs2 -U -b -e
> 131072 -p -r . -o /tmp/img.jffs2
> Aborted
> I looked around and found out that it happens, when both enabled compressors
> return -1 in compr.c line 246, and then the free in line 258 aborts.
> 
> doing
> 
> #define STREAM_END_SPACE 20
> 
> instead of the default of 12 in compr_zlib.c fixes it for me. However, I'm
> neither sure if this has any bad side effects, nor _why_ it fixes it.
> My host is 64bits (x86_64), maybe this is affecting the buffer sizes or
> something like that.
> Hope this is helpful.

valgrind was much more helpful than gdb in this case.
I'm pretty sure it's an integer underflow: it happens when
jffs2_rtime_compress is called with *dstlen = 1
The same in compr_zlib has not triggered for me yet, but is probably
worth fixing anyway.

diff --git a/compr_rtime.c b/compr_rtime.c
index 131536c..7353024 100644
--- a/compr_rtime.c
+++ b/compr_rtime.c
@@ -32,7 +32,7 @@ static int jffs2_rtime_compress(unsigned char *data_in, unsigned char *cpage_out
 
 	memset(positions,0,sizeof(positions));
 
-	while (pos < (*sourcelen) && outpos <= (*dstlen)-2) {
+	while (pos < (*sourcelen) && outpos+2 <= *dstlen) {
 		int backpos, runlen=0;
 		unsigned char value;
 
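Review bot: the original condition `outpos <= (*dstlen)-2` wraps when `*dstlen` is an unsigned value below 2 (the `*dstlen = 1` case described above), so the bound stops limiting `outpos` and the loop can write past the output buffer; moving the constant to the other side as `outpos+2 <= *dstlen` keeps every operand non-negative and is the correct fix. Two small additions would make it stick: a one-line comment at the loop stating that the addition form is deliberate, so a later cleanup does not "simplify" it back to a subtraction, and an explicit early `return -1` when `*dstlen < 2`, which documents that the compressor cannot place even one two-byte record in such a buffer.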
diff --git a/compr_zlib.c b/compr_zlib.c
index 400b18a..eb415b9 100644
--- a/compr_zlib.c
+++ b/compr_zlib.c
@@ -71,7 +71,7 @@ int jffs2_zlib_compress(unsigned char *data_in, unsigned char *cpage_out,
 	strm.next_out = cpage_out;
 	strm.total_out = 0;
 
-	while (strm.total_out < *dstlen - STREAM_END_SPACE && strm.total_in < *sourcelen) {
+	while (strm.total_out + STREAM_END_SPACE < *dstlen && strm.total_in < *sourcelen) {
 		strm.avail_out = *dstlen - (strm.total_out + STREAM_END_SPACE);
 		strm.avail_in = min((unsigned)(*sourcelen-strm.total_in), strm.avail_out);
 		ret = deflate(&strm, Z_PARTIAL_FLUSH);
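Review bot: same pattern as the rtime hunk; `*dstlen - STREAM_END_SPACE` wraps whenever `*dstlen` is smaller than `STREAM_END_SPACE`, and the rewritten `strm.total_out + STREAM_END_SPACE < *dstlen` removes the subtraction from the condition. The assignment on the next line, `strm.avail_out = *dstlen - (strm.total_out + STREAM_END_SPACE);`, still subtracts and is only safe because the new loop condition guarantees the subtrahend is strictly smaller; a comment tying the two lines together would help, since a future edit to either one alone can reintroduce the wrap. It would also be worth a note in the commit message that this explains why raising `STREAM_END_SPACE` to 20 appeared to help in the original report without actually fixing the underlying underflow.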


-- 
Stefan Seyfried
R&D Team Mobile Devices            |              "Any ideas, John?"
SUSE LINUX Products GmbH, Nürnberg | "Well, surrounding them's out." 

This footer brought to you by insane German lawmakers:
SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
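As an added illustration of the unsigned wrap described in the reply (this is constructed example code, not part of the mail and not mtd-utils code): a C model of the two loop conditions from each hunk, before and after the patch, driven with the `*dstlen = 1` value the reply reports. The function and variable names are mine, the output position and buffer size are assumed to be unsigned 32-bit as the underflow implies, and `STREAM_END_SPACE` is set to the default of 12 mentioned in the quoted message.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model (not mtd-utils code) of the rtime bounds check.
 * Both functions take the output position and the output buffer size as
 * unsigned 32-bit values and return 1 if the check would allow another
 * two-byte record to be written.
 */
int check_original(uint32_t outpos, uint32_t dstlen)
{
	/* (*dstlen)-2 from the patch: for dstlen < 2 this wraps to ~4 billion */
	uint32_t bound = dstlen - 2;
	return outpos <= bound;
}

int check_fixed(uint32_t outpos, uint32_t dstlen)
{
	/* outpos+2 <= *dstlen from the patch: no subtraction, so no wrap */
	return outpos + 2 <= dstlen;
}

/*
 * Drive a check the way the rtime loop does: keep emitting two-byte records
 * while the check allows it. `cap` bounds the iteration count so the buggy
 * variant terminates. Returns the number of bytes that would be written;
 * a result larger than dstlen means the check let writes run past the buffer.
 */
uint32_t simulate(int (*check)(uint32_t, uint32_t), uint32_t dstlen, uint32_t cap)
{
	uint32_t outpos = 0;
	uint32_t iterations = 0;
	while (check(outpos, dstlen) && iterations < cap) {
		outpos += 2;	/* one record: (value, runlen) */
		iterations++;
	}
	return outpos;
}

/* Same pattern for the zlib loop, with the default of 12 from the report. */
#define STREAM_END_SPACE 12

int zlib_check_original(uint32_t total_out, uint32_t dstlen)
{
	/* *dstlen - STREAM_END_SPACE from the patch: wraps for dstlen < 12 */
	uint32_t bound = dstlen - STREAM_END_SPACE;
	return total_out < bound;
}

int zlib_check_fixed(uint32_t total_out, uint32_t dstlen)
{
	/* strm.total_out + STREAM_END_SPACE < *dstlen from the patch */
	return total_out + STREAM_END_SPACE < dstlen;
}

int main(void)
{
	uint32_t dstlen = 1;	/* the size the reply says triggers the abort */
	printf("rtime: dstlen=%u original writes %u bytes, fixed writes %u bytes\n",
	       dstlen, simulate(check_original, dstlen, 100),
	       simulate(check_fixed, dstlen, 100));
	printf("zlib: dstlen=%u original admits=%d fixed admits=%d\n",
	       dstlen, zlib_check_original(0, dstlen), zlib_check_fixed(0, dstlen));
	return 0;
}
```

With `dstlen = 1` the original rtime check admits writes until the iteration cap, while the fixed check admits none; for any `dstlen >= 2` both forms agree, which is why the patch changes nothing for the normal case.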