svn commit: r263630 - stable/9/sbin/fsck_ffs
Kirk McKusick
mckusick at FreeBSD.org
Sat Mar 22 11:49:45 UTC 2014
Author: mckusick
Date: Sat Mar 22 11:49:44 2014
New Revision: 263630
URL: http://svnweb.freebsd.org/changeset/base/263630
Log:
MFC of 263062:
Avoid segment fault when attempting to clean up cylinder group
buffer cache.
PR: 187221
Submitted by: Petr Lampa <lampa at fit.vutbr.cz>
Obtained from: Petr Lampa <lampa at fit.vutbr.cz>
MFC after: 1 week
MFC of 262488:
Arguments for malloc and calloc should be size_t, not int.
Use proper bounds check when trying to free cached memory.
Spotted by: Xin Li
Tested by: Dmitry Sivachenko
MFC after: 2 weeks
Modified:
stable/9/sbin/fsck_ffs/fsck.h
stable/9/sbin/fsck_ffs/fsutil.c
Directory Properties:
stable/9/ (props changed)
stable/9/sbin/ (props changed)
stable/9/sbin/fsck_ffs/ (props changed)
stable/9/sbin/ggate/ (props changed)
Modified: stable/9/sbin/fsck_ffs/fsck.h
==============================================================================
--- stable/9/sbin/fsck_ffs/fsck.h Sat Mar 22 11:43:35 2014 (r263629)
+++ stable/9/sbin/fsck_ffs/fsck.h Sat Mar 22 11:49:44 2014 (r263630)
@@ -366,7 +366,7 @@ int flushentry(void);
* to get space.
*/
static inline void*
-Malloc(int size)
+Malloc(size_t size)
{
void *retval;
@@ -381,7 +381,7 @@ Malloc(int size)
* to get space.
*/
static inline void*
-Calloc(int cnt, int size)
+Calloc(size_t cnt, size_t size)
{
void *retval;
Modified: stable/9/sbin/fsck_ffs/fsutil.c
==============================================================================
--- stable/9/sbin/fsck_ffs/fsutil.c Sat Mar 22 11:43:35 2014 (r263629)
+++ stable/9/sbin/fsck_ffs/fsutil.c Sat Mar 22 11:49:44 2014 (r263630)
@@ -205,7 +205,7 @@ cgget(int cg)
struct cg *cgp;
if (cgbufs == NULL) {
- cgbufs = Calloc(sblock.fs_ncg, sizeof(struct bufarea));
+ cgbufs = calloc(sblock.fs_ncg, sizeof(struct bufarea));
if (cgbufs == NULL)
errx(EEXIT, "cannot allocate cylinder group buffers");
}
@@ -234,6 +234,8 @@ flushentry(void)
{
struct bufarea *cgbp;
+ if (flushtries == sblock.fs_ncg || cgbufs == NULL)
+ return (0);
cgbp = &cgbufs[flushtries++];
if (cgbp->b_un.b_cg == NULL)
return (0);
@@ -414,13 +416,15 @@ ckfini(int markclean)
}
if (numbufs != cnt)
errx(EEXIT, "panic: lost %d buffers", numbufs - cnt);
- for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
- if (cgbufs[cnt].b_un.b_cg == NULL)
- continue;
- flush(fswritefd, &cgbufs[cnt]);
- free(cgbufs[cnt].b_un.b_cg);
+ if (cgbufs != NULL) {
+ for (cnt = 0; cnt < sblock.fs_ncg; cnt++) {
+ if (cgbufs[cnt].b_un.b_cg == NULL)
+ continue;
+ flush(fswritefd, &cgbufs[cnt]);
+ free(cgbufs[cnt].b_un.b_cg);
+ }
+ free(cgbufs);
}
- free(cgbufs);
pbp = pdirbp = (struct bufarea *)0;
if (cursnapshot == 0 && sblock.fs_clean != markclean) {
if ((sblock.fs_clean = markclean) != 0) {
More information about the svn-src-stable-9
mailing list