[Bug 271289] off-by-one error in fsck_ffs chkrange() block-number check
Date: Tue, 09 May 2023 20:09:45 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271289

--- Comment #1 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b3fe5d932264445cbf9a1c4eab01afb6179b499b

commit b3fe5d932264445cbf9a1c4eab01afb6179b499b
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-09 20:08:10 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-05-09 20:08:10 +0000

    Fix off-by-one error in fsck_ffs(8) chkrange() block-number check.

    On an amd64-CURRENT machine with an i-node that refers to a block number
    that is one too large will cause a core dump, due to writing beyond the
    end of blockmap[] and corrupting the next heap block, which happens to
    contain a struct inoinfo in inphash[]. Note that valgrind catches the
    blockmap[] access.

    Reported by:  Robert Morris
    PR:           271289
    MFC after:    1 week
    Sponsored by: The FreeBSD Foundation

 sbin/fsck_ffs/inode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
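
Added example, not part of the commit or of the FreeBSD source: a simplified C model of the class of bug the commit message describes, where a range check accepts a block number equal to the block count and a one-bit-per-block map can then be indexed past its end. The function names, the check expressions and the bitmap sizing are assumptions made for illustration; the out-of-bounds access is only computed, never performed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model assumption: one bit per block, valid block numbers are 1 .. maxblk-1. */
static size_t bitmap_bytes(int64_t maxblk)
{
    return (size_t)((maxblk + CHAR_BIT - 1) / CHAR_BIT);
}

/* Hypothetical off-by-one check: returns 1 when the range is rejected.
 * It lets the last block touched be equal to maxblk. */
static int range_bad_offbyone(int64_t blk, int cnt, int64_t maxblk)
{
    return cnt <= 0 || blk <= 0 || blk > maxblk || cnt - 1 > maxblk - blk;
}

/* Hypothetical strict check: the last block, blk + cnt - 1, must be < maxblk. */
static int range_bad_strict(int64_t blk, int cnt, int64_t maxblk)
{
    return cnt <= 0 || blk <= 0 || blk >= maxblk || cnt > maxblk - blk;
}

/* Would marking blk .. blk+cnt-1 touch a byte beyond the bitmap allocation? */
static int marks_outside_bitmap(int64_t blk, int cnt, int64_t maxblk)
{
    int64_t last = blk + cnt - 1;
    return (size_t)(last / CHAR_BIT) >= bitmap_bytes(maxblk);
}

int main(void)
{
    /* Constructed inputs: {blk, cnt, maxblk}. */
    const int64_t cases[][3] = {
        {63, 1, 64}, {64, 1, 64}, {62, 3, 64}, {60, 1, 60},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int64_t b = cases[i][0], m = cases[i][2];
        int c = (int)cases[i][1];
        printf("blk=%lld cnt=%d max=%lld offbyone=%s strict=%s outside=%d\n",
               (long long)b, c, (long long)m,
               range_bad_offbyone(b, c, m) ? "reject" : "accept",
               range_bad_strict(b, c, m) ? "reject" : "accept",
               marks_outside_bitmap(b, c, m));
    }
    return 0;
}
```

In this model the byte index leaves the allocation only when the block count is a multiple of CHAR_BIT; for other counts the same off-by-one lands on a padding bit inside the bitmap and produces no crash, which is why a memory checker is useful for finding it.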