svn commit: r263630 - stable/9/sbin/fsck_ffs

Sat, 22 Mar 2014 04:50:26 -0700 

Author: mckusick
Date: Sat Mar 22 11:49:44 2014
New Revision: 263630
URL: http://svnweb.freebsd.org/changeset/base/263630

Log:
  MFC of 263062:
  
  Avoid segment fault when attempting to clean up cylinder group
  buffer cache.
  
  PR:             187221
  Submitted by:   Petr Lampa <la...@fit.vutbr.cz>
  Obtained from:  Petr Lampa <la...@fit.vutbr.cz>
  MFC after:      1 week
  
  MFC of 262488:
  
  Arguments for malloc and calloc should be size_t, not int.
  Use proper bounds check when trying to free cached memory.
  
  Spotted by: Xin Li
  Tested by:  Dmitry Sivachenko
  MFC after:  2 weeks

Modified:
  stable/9/sbin/fsck_ffs/fsck.h
  stable/9/sbin/fsck_ffs/fsutil.c
Directory Properties:
  stable/9/   (props changed)
  stable/9/sbin/   (props changed)
  stable/9/sbin/fsck_ffs/   (props changed)
  stable/9/sbin/ggate/   (props changed)

Modified: stable/9/sbin/fsck_ffs/fsck.h
==============================================================================
--- stable/9/sbin/fsck_ffs/fsck.h       Sat Mar 22 11:43:35 2014        
(r263629)
+++ stable/9/sbin/fsck_ffs/fsck.h       Sat Mar 22 11:49:44 2014        
(r263630)
@@ -366,7 +366,7 @@ int flushentry(void);
  * to get space.
  */
 static inline void*
-Malloc(int size)
+Malloc(size_t size)
 {
        void *retval;
 
@@ -381,7 +381,7 @@ Malloc(int size)
  * to get space.
  */
 static inline void*
-Calloc(int cnt, int size)
+Calloc(size_t cnt, size_t size)
 {
        void *retval;
 

Modified: stable/9/sbin/fsck_ffs/fsutil.c
==============================================================================
--- stable/9/sbin/fsck_ffs/fsutil.c     Sat Mar 22 11:43:35 2014        
(r263629)
+++ stable/9/sbin/fsck_ffs/fsutil.c     Sat Mar 22 11:49:44 2014        
(r263630)
@@ -205,7 +205,7 @@ cgget(int cg)
        struct cg *cgp;
 
        if (cgbufs == NULL) {
-               cgbufs = Calloc(sblock.fs_ncg, sizeof(struct bufarea));
+               cgbufs = calloc(sblock.fs_ncg, sizeof(struct bufarea));
                if (cgbufs == NULL)
                        errx(EEXIT, "cannot allocate cylinder group buffers");
        }
@@ -234,6 +234,8 @@ flushentry(void)
 {
        struct bufarea *cgbp;
 
+       if (flushtries == sblock.fs_ncg || cgbufs == NULL)
+               return (0);
        cgbp = &cgbufs[flushtries++];
        if (cgbp->b_un.b_cg == NULL)
                return (0);
@@ -414,13 +416,15 @@ ckfini(int markclean)
        }
        if (numbufs != cnt)
                errx(EEXIT, "panic: lost %d buffers", numbufs - cnt);
-       for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
-               if (cgbufs[cnt].b_un.b_cg == NULL)
-                       continue;
-               flush(fswritefd, &cgbufs[cnt]);
-               free(cgbufs[cnt].b_un.b_cg);
+       if (cgbufs != NULL) {
+               for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
+                       if (cgbufs[cnt].b_un.b_cg == NULL)
+                               continue;
+                       flush(fswritefd, &cgbufs[cnt]);
+                       free(cgbufs[cnt].b_un.b_cg);
+               }
+               free(cgbufs);
        }
-       free(cgbufs);
        pbp = pdirbp = (struct bufarea *)0;
        if (cursnapshot == 0 && sblock.fs_clean != markclean) {
                if ((sblock.fs_clean = markclean) != 0) {
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"

Reply via email to