[Bug 271289] off-by-one error in fsck_ffs chkrange() block-number check

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 09 May 2023 20:09:45 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271289

--- Comment #1 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=b3fe5d932264445cbf9a1c4eab01afb6179b499b

commit b3fe5d932264445cbf9a1c4eab01afb6179b499b
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-09 20:08:10 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-05-09 20:08:10 +0000

    Fix off-by-one error in fsck_ffs(8) chkrange() block-number check.

    On an amd64-CURRENT machine, an i-node that refers to a block
    number that is one too large will cause a core dump, due to writing
    beyond the end of blockmap[] and corrupting the next heap block,
    which happens to contain a struct inoinfo in inphash[]. Note that
    valgrind catches the blockmap[] access.

    Reported by:  Robert Morris
    PR:           271289
    MFC after:    1 week
    Sponsored by: The FreeBSD Foundation

 sbin/fsck_ffs/inode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

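The failure mode the commit message describes, as an added example that is not the fsck_ffs source or the committed fix: a simplified block bitmap where a range check that is one too permissive accepts a block whose bit lies past the end of the allocation. All names (`struct blkmap`, `chkrange_offbyone`, `chkrange_strict`, `writes_past_end`, `mark_range`) and the 64-block size are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct blkmap {             /* hypothetical model: blocks 0..maxblk-1, one bit each */
    uint64_t maxblk;        /* number of blocks in the file system */
    size_t nbytes;          /* bytes allocated for the bitmap */
    unsigned char *bits;
};

int blkmap_init(struct blkmap *m, uint64_t maxblk) {
    m->maxblk = maxblk;
    m->nbytes = (size_t)((maxblk + 7) / 8);
    m->bits = calloc(m->nbytes, 1);
    return m->bits != NULL ? 0 : -1;
}

/* Nonzero means reject. Off-by-one form: the range may end at block maxblk. */
int chkrange_offbyone(const struct blkmap *m, uint64_t blk, uint64_t cnt) {
    return cnt == 0 || blk > m->maxblk || cnt - 1 > m->maxblk - blk;
}

/* Strict form: the last block touched is at most maxblk-1. */
int chkrange_strict(const struct blkmap *m, uint64_t blk, uint64_t cnt) {
    return cnt == 0 || blk >= m->maxblk || cnt > m->maxblk - blk;
}

/* Nonzero if marking [blk, blk+cnt) would index past the bitmap allocation. */
int writes_past_end(const struct blkmap *m, uint64_t blk, uint64_t cnt) {
    return (blk + cnt - 1) / 8 >= m->nbytes;
}

/* Mark a range only after the strict check has accepted it. */
int mark_range(struct blkmap *m, uint64_t blk, uint64_t cnt) {
    if (chkrange_strict(m, blk, cnt))
        return -1;
    for (uint64_t b = blk; b < blk + cnt; b++)
        m->bits[b / 8] |= (unsigned char)(1u << (b % 8));
    return 0;
}

int main(void) {
    struct blkmap m;
    if (blkmap_init(&m, 64) != 0) return 1;  /* constructed size: 8 bitmap bytes */
    printf("blk=64 rejected: offbyone=%d strict=%d\n",
        chkrange_offbyone(&m, 64, 1), chkrange_strict(&m, 64, 1));
    free(m.bits);
    return 0;
}
```

When the block count is not a multiple of 8, the same off-by-one lands in the padding bits of the last byte and goes unnoticed, which is why a memory checker only flags it for some file system sizes.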