https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271312
Bug ID: 271312
Summary: inum > maxino should probably be inum >= maxino in fsck_ffs
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
Created attachment 242053
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=242053&action=edit
broken file system image that causes fsck to crash due to off-by-one maxino check
fsck_ffs has some checks for an out-of-range i-number that say "... >
maxino" which I think should be >=.
One consequence is that inoinfo() in fsutil.c can index beyond the end
of inostathead[]:
    if (inum > maxino)
        errx(EEXIT, "inoinfo: inumber %ju out of range",
            (uintmax_t)inum);
    ilp = &inostathead[inum / sblock.fs_ipg];
A backtrace from fsck_ffs -y on the attached file-system image:
Program received signal SIGBUS, Bus error.
Object-specific hardware error.
0x000000000021f051 in pass2check (idesc=0x7fffffffe7b8) at pass2.c:486
486 switch (inoinfo(dirp->d_ino)->ino_state) {
(gdb) where
#0 0x000000000021f051 in pass2check (idesc=0x7fffffffe7b8) at pass2.c:486
#1 0x00000000002093e7 in dirscan (idesc=0x7fffffffe7b8) at dir.c:211
#2 0x000000000021318b in ckinode (dp=0x7fffffffe6b8, idesc=0x7fffffffe7b8)
at inode.c:126
#3 0x000000000021e130 in pass2 () at pass2.c:202
#4 0x0000000000219a7d in checkfilesys (filesys=0x7fffffffed79 "junk")
at main.c:468
#5 0x0000000000218f42 in main (argc=1, argv=0x7fffffffea28) at main.c:210
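
An added example, not part of the original report or of the fsck_ffs source: a small C model of the boundary case described above, comparing the quoted check with the proposed one over a sweep of i-numbers. It assumes maxino is cylinder groups times inodes per group and that the per-group table has one entry per cylinder group; NCG, IPG and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed geometry (assumption): 4 cylinder groups, 8 inodes each. */
#define NCG 4u
#define IPG 8u

/* Assumption: maxino = groups * inodes-per-group, so valid inums are 0..maxino-1. */
static const uint64_t maxino = (uint64_t)NCG * IPG;

/* Range check as quoted in the report: lets inum == maxino through. */
static bool reported_check_accepts(uint64_t inum) { return !(inum > maxino); }

/* Range check the report proposes: rejects inum == maxino. */
static bool proposed_check_accepts(uint64_t inum) { return !(inum >= maxino); }

/* Index that the lookup would use into the NCG-entry per-group table. */
static uint64_t group_index(uint64_t inum) { return inum / IPG; }

/* True when an inum passes the check yet indexes past the end of the table. */
static bool escapes_table(bool (*accepts)(uint64_t), uint64_t inum)
{
    return accepts(inum) && group_index(inum) >= NCG;
}

/* Count inums in [0, limit] that pass the check and index out of bounds. */
static unsigned count_escapes(bool (*accepts)(uint64_t), uint64_t limit)
{
    unsigned n = 0;
    for (uint64_t inum = 0; inum <= limit; inum++)
        if (escapes_table(accepts, inum))
            n++;
    return n;
}

int main(void)
{
    /* Sweep well past maxino, as an untrusted d_ino value could be anything. */
    printf("maxino=%ju, table entries=%u, index for maxino=%ju\n",
        (uintmax_t)maxino, NCG, (uintmax_t)group_index(maxino));
    printf("escapes with '>'  check: %u\n",
        count_escapes(reported_check_accepts, 2 * maxino));
    printf("escapes with '>=' check: %u\n",
        count_escapes(proposed_check_accepts, 2 * maxino));
    return 0;
}
```

The model only computes the index and never dereferences it, so it runs cleanly while showing that the single value inum == maxino is the one that slips through.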