* [PATCH] reiserfsprogs: id_map_init off-by-one
@ 2006-04-20 19:10 Jeff Mahoney
2006-04-20 19:14 ` Jeff Mahoney
0 siblings, 1 reply; 3+ messages in thread
From: Jeff Mahoney @ 2006-04-20 19:10 UTC (permalink / raw)
To: ReiserFS List
The following patch fixes a bug where reiserfsck will crash if OIDs up around
the maximum are in use. The problem is that INDEX_COUNT ends up rounding down
and the last chunk isn't allocated, causing a segfault.
--- reiserfsprogs-3.6.19/fsck/uobjectid.c 2004-06-17 15:57:39.000000000 -0400
+++ reiserfsprogs-3.6.19.devel/fsck/uobjectid.c 2006-04-20 15:05:45.000000000 -0400
@@ -33,7 +33,7 @@ id_map_t *id_map_init() {
__u32 i;
map = getmem(sizeof(id_map_t));
- map->index = mem_alloc(INDEX_COUNT * sizeof(void *));
+ map->index = mem_alloc((INDEX_COUNT + 1) * sizeof(void *));
for (i = 0; i < INDEX_COUNT; i++) {
if (map->index[i] != (void *)0)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] reiserfsprogs: id_map_init off-by-one
2006-04-20 19:10 [PATCH] reiserfsprogs: id_map_init off-by-one Jeff Mahoney
@ 2006-04-20 19:14 ` Jeff Mahoney
0 siblings, 0 replies; 3+ messages in thread
From: Jeff Mahoney @ 2006-04-20 19:14 UTC (permalink / raw)
To: ReiserFS List
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeff Mahoney wrote:
> The following patch fixes a bug where reiserfsck will crash if OIDs up around
> the maximum are in use. The problem is that INDEX_COUNT ends up rounding down
> and the last chunk isn't allocated, causing a segfault.
>
> --- reiserfsprogs-3.6.19/fsck/uobjectid.c 2004-06-17 15:57:39.000000000 -0400
> +++ reiserfsprogs-3.6.19.devel/fsck/uobjectid.c 2006-04-20 15:05:45.000000000 -0400
> @@ -33,7 +33,7 @@ id_map_t *id_map_init() {
> __u32 i;
>
> map = getmem(sizeof(id_map_t));
> - map->index = mem_alloc(INDEX_COUNT * sizeof(void *));
> + map->index = mem_alloc((INDEX_COUNT + 1) * sizeof(void *));
>
> for (i = 0; i < INDEX_COUNT; i++) {
> if (map->index[i] != (void *)0)
Of course, this fix is wrong. It eliminates the bug, since the memory is
allocated, but it's not properly initialized.
- -Jeff
- --
Jeff Mahoney
SUSE Labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFER92YLPWxlyuTD7IRAkuqAKCaETt3ur8/n2qK1GCKq1FtfJiT0QCfeMRx
NgMpCoJ3Zhj8mvYMqDpDoHI=
=GxSn
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] reiserfsprogs: id_map_init off-by-one
@ 2006-04-20 19:20 Jeff Mahoney
0 siblings, 0 replies; 3+ messages in thread
From: Jeff Mahoney @ 2006-04-20 19:20 UTC (permalink / raw)
To: ReiserFS List
The following patch fixes a bug where reiserfsck will crash if OIDs up around
the maximum are in use. The problem is that INDEX_COUNT ends up rounding down
and the last chunk isn't allocated, causing a segfault.
diff -rup reiserfsprogs-3.6.19/fsck/uobjectid.c reiserfsprogs-3.6.19.devel/fsck/uobjectid.c
--- reiserfsprogs-3.6.19/fsck/uobjectid.c 2004-06-17 15:57:39.000000000 -0400
+++ reiserfsprogs-3.6.19.devel/fsck/uobjectid.c 2006-04-20 15:18:26.000000000 -0400
@@ -15,7 +15,7 @@
/* 2 bytes for the counter */
#define BM_SIZE (ALLOC_SIZE - sizeof(__u16))
#define BM_INTERVAL (BM_SIZE * 8)
-#define INDEX_COUNT (MAX_ID / BM_INTERVAL)
+#define INDEX_COUNT ((MAX_ID / BM_INTERVAL) + 1)
#define id_map_interval(map, id) (map->index + (id / BM_INTERVAL))
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-04-20 19:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-04-20 19:10 [PATCH] reiserfsprogs: id_map_init off-by-one Jeff Mahoney
2006-04-20 19:14 ` Jeff Mahoney
-- strict thread matches above, loose matches on Subject: below --
2006-04-20 19:20 Jeff Mahoney
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.