authorKirk McKusick <mckusick@FreeBSD.org>2018-02-21 20:32:23 +0000
committerKirk McKusick <mckusick@FreeBSD.org>2018-02-21 20:32:23 +0000
commit12487c7243d80bdbfc5b517f9f8ef7e04cc8c072 (patch)
tree6d2679b9eadfffbd5e9718cf9cb6e0150dae9afa /sbin/fsck_ffs
parenta5e2e5c7248675cfe3338b60dff34049f3954f7f (diff)
Fix a read past the end of a buffer in fsck.
To minimize the time spent scanning all of the directories in pass 2 (Check Pathnames), fsck uses a search order based on the location of their first block. Zero length directories have no first block, so the array being used to hold the block numbers of directory inodes was of zero length. Thus a lookup was done past the end of the array, getting at best a random value and at worst a segmentation fault. For zero length directories, this change allocates a one element block array and initializes it to zero. The effect is that all zero length directories are handled first in pass 2. Reviewed by: brooks Differential Revision: https://reviews.freebsd.org/D14163
Notes
Notes: svn path=/head/; revision=329749
Diffstat (limited to 'sbin/fsck_ffs')
-rw-r--r--sbin/fsck_ffs/inode.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/fsck_ffs/inode.c b/sbin/fsck_ffs/inode.c
index 34153d6111fd..e40527770a69 100644
--- a/sbin/fsck_ffs/inode.c
+++ b/sbin/fsck_ffs/inode.c
@@ -453,8 +453,10 @@ cacheino(union dinode *dp, ino_t inumber)
if (howmany(DIP(dp, di_size), sblock.fs_bsize) > UFS_NDADDR)
blks = UFS_NDADDR + UFS_NIADDR;
- else
+ else if (DIP(dp, di_size) > 0)
blks = howmany(DIP(dp, di_size), sblock.fs_bsize);
+ else
+ blks = 1;
inp = (struct inoinfo *)
Malloc(sizeof(*inp) + (blks - 1) * sizeof(ufs2_daddr_t));
if (inp == NULL)