patch to fix issue 739

Nicolas Thery nthery at gmail.com
Mon Jul 30 02:20:49 PDT 2007


Hello,

I reckon the following patch fixes http://bugs.dragonflybsd.org/issue739.

I couldn't reproduce the issue, so I simply rebuilt the kernel to test
this patch.

When the collision occurs in deget(), the newly created vnode (nvp) is
destroyed.
At this point, nvp->v_data does not yet point to the denode (ldep) and is
presumably NULL, so when nvp->v_data is dereferenced in msdosfs_inactive()
(dep->de_name[0] == SLOT_DELETED), the kernel takes a fault.

The patch simply checks that dep is not NULL before dereferencing it.  This
mimics what is done in ufs_inactive() and is documented in
http://www.dragonflybsd.org/cvsweb/src/sys/vfs/ufs/ufs_ihash.c?r1=1.12.

Cheers,
Nicolas

Index: msdosfs_denode.c
===================================================================
RCS file: /home/dcvs/src/sys/vfs/msdosfs/msdosfs_denode.c,v
retrieving revision 1.29
diff -u -r1.29 msdosfs_denode.c
--- msdosfs_denode.c    14 Jun 2007 02:55:27 -0000      1.29
+++ msdosfs_denode.c    29 Jul 2007 19:11:05 -0000
@@ -698,7 +698,7 @@
       /*
        * Ignore denodes related to stale file handles.
        */
-       if (dep->de_Name[0] == SLOT_DELETED)
+       if (dep == NULL || dep->de_Name[0] == SLOT_DELETED)
               goto out;

       /*





More information about the Submit mailing list