* [PATCH] mdadm: Fix Segmentation fault.
@ 2012-05-25 11:49 majianpeng
2012-05-28 23:23 ` NeilBrown
0 siblings, 1 reply; 2+ messages in thread
From: majianpeng @ 2012-05-25 11:49 UTC (permalink / raw)
To: Neil Brown; +Cc: linux-raid
In function write_init_super1():
If "rv = store_super1(st, di->fd)" return error and the di is the last.
Then the di = NULL && rv > 0, so exec:
if (rv)
fprintf(stderr, Name ": Failed to write metadata to%s\n",
di->devname);
will be segmentation fault.
Signed-off-by: majianpeng <majianpeng@gmail.com>
---
super1.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/super1.c b/super1.c
index 4f20cc3..37b7a90 100644
--- a/super1.c
+++ b/super1.c
@@ -1242,6 +1242,8 @@ static int write_init_super1(struct supertype *st)
rv = st->ss->write_bitmap(st, di->fd);
close(di->fd);
di->fd = -1;
+ if (rv)
+ goto error_out;
}
error_out:
if (rv)
--
1.7.5.4
--------------
majianpeng
2012-05-25
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] mdadm: Fix Segmentation fault.
2012-05-25 11:49 [PATCH] mdadm: Fix Segmentation fault majianpeng
@ 2012-05-28 23:23 ` NeilBrown
0 siblings, 0 replies; 2+ messages in thread
From: NeilBrown @ 2012-05-28 23:23 UTC (permalink / raw)
To: majianpeng; +Cc: linux-raid
[-- Attachment #1: Type: text/plain, Size: 1148 bytes --]
On Fri, 25 May 2012 19:49:40 +0800 "majianpeng" <majianpeng@gmail.com> wrote:
> In function write_init_super1():
> If "rv = store_super1(st, di->fd)" return error and the di is the last.
> Then the di = NULL && rv > 0, so exec:
> if (rv)
> fprintf(stderr, Name ": Failed to write metadata to%s\n",
> di->devname);
> will be segmentation fault.
>
> Signed-off-by: majianpeng <majianpeng@gmail.com>
> ---
> super1.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/super1.c b/super1.c
> index 4f20cc3..37b7a90 100644
> --- a/super1.c
> +++ b/super1.c
> @@ -1242,6 +1242,8 @@ static int write_init_super1(struct supertype *st)
> rv = st->ss->write_bitmap(st, di->fd);
> close(di->fd);
> di->fd = -1;
> + if (rv)
> + goto error_out;
> }
> error_out:
> if (rv)
Thanks.
This doesn't only go wrong when di is the last. If di is not the last it
will not crash, but it will report an error for the wrong device.
So thanks for finding this - I've applied you patch and also remove the
'&& ! rv' test from the 'for' loop as it is now pointless.
NeilBrown
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-05-28 23:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-25 11:49 [PATCH] mdadm: Fix Segmentation fault majianpeng
2012-05-28 23:23 ` NeilBrown
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).