From: Hans Reiser <reiser@namesys.com>
To: Jeff Mahoney <jeffm@suse.com>
Cc: ReiserFS List <reiserfs-list@namesys.com>,
vs <vs@thebsh.namesys.com>, Edward Shishkin <edward@namesys.com>
Subject: Re: Static overrun in reiser3
Date: Wed, 15 Mar 2006 13:49:06 -0800
Message-ID: <44188BD2.50709@namesys.com>
In-Reply-To: <44188907.50100@suse.com>
Jeff Mahoney wrote:
>
> Hi Hans -
>
> I've been playing around with the Coverity code checker, and while I
> think it still sees a few too many false positives, it's a good tool.
Thanks for doing that work! If you could do it for V4, that would be
great too. If not, maybe Edward could do it.
>
> Anyway, one of the potential bugs it came up with in reiserfs was this
> one:
>
> struct tree_balance contains a number of arrays of size MAX_HEIGHT (5).
> In fix_nodes(), line 2502, we see:
>     p_s_tb->insert_size[n_h + 1] =
>         (DC_SIZE + KEY_SIZE) * (p_s_tb->blknum[n_h] - 1);
>
> I haven't run a thorough analysis, but is it possible for n_h to be 4
> there, and then n_h + 1 would be 5, overrunning into the next field of
> struct tree_balance? The tool seems to think so, but it also thought
> that not checking that dentry->d_inode != NULL after calling
> inode->i_op->mkdir was invalid, even though a successful return value
> implies that dentry->d_inode != NULL.
I'll let vs answer this.
>
> -Jeff
>
> --
> Jeff Mahoney
> SUSE Labs
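
The indexing concern raised in the message, as an added example that is not part of the original thread and not reiserfs code: a reduced model showing which n_h values keep n_h + 1 inside an array of MAX_HEIGHT elements and where index MAX_HEIGHT would land. The struct tb_model, its field order, the helper names and the DC_SIZE/KEY_SIZE values are assumptions made for illustration; whether fix_nodes() can actually reach n_h == 4 is the open question in the message and is not answered here.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_HEIGHT 5   /* array size stated in the message */
#define DC_SIZE    8   /* constructed placeholder value */
#define KEY_SIZE   16  /* constructed placeholder value */

/* Hypothetical, reduced stand-in for struct tree_balance: only the two
 * arrays from the quoted statement plus one field placed after them. */
struct tb_model {
    int blknum[MAX_HEIGHT];
    int insert_size[MAX_HEIGHT];
    int next_field;            /* whatever follows the array in the struct */
};

/* Byte offset that insert_size[idx] would address, computed without
 * dereferencing anything. */
static size_t insert_size_offset(int idx)
{
    return offsetof(struct tb_model, insert_size) + (size_t)idx * sizeof(int);
}

/* 1 if a write to insert_size[idx] would land on next_field. */
static int hits_next_field(int idx)
{
    return insert_size_offset(idx) == offsetof(struct tb_model, next_field);
}

/* Guarded form of the quoted assignment: refuse n_h values for which
 * n_h + 1 is not a valid index. Returns 0 on success, -1 on rejection. */
static int set_parent_insert_size(struct tb_model *tb, int n_h)
{
    if (n_h < 0 || n_h + 1 >= MAX_HEIGHT)
        return -1;
    tb->insert_size[n_h + 1] = (DC_SIZE + KEY_SIZE) * (tb->blknum[n_h] - 1);
    return 0;
}

int main(void)
{
    struct tb_model tb = { .blknum = { 1, 2, 3, 4, 5 }, .next_field = 0x5a5a };
    for (int n_h = 0; n_h < MAX_HEIGHT; n_h++)
        printf("n_h=%d -> index %d: %s\n", n_h, n_h + 1,
               set_parent_insert_size(&tb, n_h) ? "rejected" : "written");
    printf("insert_size[%d] aliases next_field: %d\n",
           MAX_HEIGHT, hits_next_field(MAX_HEIGHT));
    return 0;
}
```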