svn commit: r263629 - stable/10/sbin/fsck_ffs
Kirk McKusick
mckusick at FreeBSD.org
Sat Mar 22 11:43:36 UTC 2014
Author: mckusick
Date: Sat Mar 22 11:43:35 2014
New Revision: 263629
URL: http://svnweb.freebsd.org/changeset/base/263629
Log:
MFC of 263062:
Avoid segment fault when attempting to clean up cylinder group
buffer cache.
PR: 187221
Submitted by: Petr Lampa <lampa at fit.vutbr.cz>
Obtained from: Petr Lampa <lampa at fit.vutbr.cz>
MFC after: 1 week
MFC of 262488:
Arguments for malloc and calloc should be size_t, not int.
Use proper bounds check when trying to free cached memory.
Spotted by: Xin Li
Tested by: Dmitry Sivachenko
MFC after: 2 weeks
Modified:
stable/10/sbin/fsck_ffs/fsck.h
stable/10/sbin/fsck_ffs/fsutil.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sbin/fsck_ffs/fsck.h
==============================================================================
--- stable/10/sbin/fsck_ffs/fsck.h Sat Mar 22 11:26:39 2014 (r263628)
+++ stable/10/sbin/fsck_ffs/fsck.h Sat Mar 22 11:43:35 2014 (r263629)
@@ -369,7 +369,7 @@ int flushentry(void);
* to get space.
*/
static inline void*
-Malloc(int size)
+Malloc(size_t size)
{
void *retval;
@@ -384,7 +384,7 @@ Malloc(int size)
* to get space.
*/
static inline void*
-Calloc(int cnt, int size)
+Calloc(size_t cnt, size_t size)
{
void *retval;
Modified: stable/10/sbin/fsck_ffs/fsutil.c
==============================================================================
--- stable/10/sbin/fsck_ffs/fsutil.c Sat Mar 22 11:26:39 2014 (r263628)
+++ stable/10/sbin/fsck_ffs/fsutil.c Sat Mar 22 11:43:35 2014 (r263629)
@@ -225,7 +225,7 @@ cgget(int cg)
struct cg *cgp;
if (cgbufs == NULL) {
- cgbufs = Calloc(sblock.fs_ncg, sizeof(struct bufarea));
+ cgbufs = calloc(sblock.fs_ncg, sizeof(struct bufarea));
if (cgbufs == NULL)
errx(EEXIT, "cannot allocate cylinder group buffers");
}
@@ -254,6 +254,8 @@ flushentry(void)
{
struct bufarea *cgbp;
+ if (flushtries == sblock.fs_ncg || cgbufs == NULL)
+ return (0);
cgbp = &cgbufs[flushtries++];
if (cgbp->b_un.b_cg == NULL)
return (0);
@@ -434,13 +436,15 @@ ckfini(int markclean)
}
if (numbufs != cnt)
errx(EEXIT, "panic: lost %d buffers", numbufs - cnt);
- for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
- if (cgbufs[cnt].b_un.b_cg == NULL)
- continue;
- flush(fswritefd, &cgbufs[cnt]);
- free(cgbufs[cnt].b_un.b_cg);
+ if (cgbufs != NULL) {
+ for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
+ if (cgbufs[cnt].b_un.b_cg == NULL)
+ continue;
+ flush(fswritefd, &cgbufs[cnt]);
+ free(cgbufs[cnt].b_un.b_cg);
+ }
+ free(cgbufs);
}
- free(cgbufs);
pbp = pdirbp = (struct bufarea *)0;
if (cursnapshot == 0 && sblock.fs_clean != markclean) {
if ((sblock.fs_clean = markclean) != 0) {
More information about the svn-src-all
mailing list