Author: mckusick
Date: Sat Nov 26 00:56:03 2016
New Revision: 309173
URL: https://svnweb.freebsd.org/changeset/base/309173

Log:
  MFC r308064:
  Avoid possible overflow when calculating malloc size for auxiliary
  data structure sizes when mounting and reloading UFS/FFS filesystems.

Modified:
  stable/10/sys/ufs/ffs/ffs_vfsops.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/ufs/ffs/ffs_vfsops.c
==============================================================================
--- stable/10/sys/ufs/ffs/ffs_vfsops.c  Sat Nov 26 00:43:38 2016        
(r309172)
+++ stable/10/sys/ufs/ffs/ffs_vfsops.c  Sat Nov 26 00:56:03 2016        
(r309173)
@@ -598,7 +598,8 @@ ffs_reload(struct mount *mp, struct thre
        struct fs *fs, *newfs;
        struct ufsmount *ump;
        ufs2_daddr_t sblockloc;
-       int i, blks, size, error;
+       int i, blks, error;
+       u_long size;
        int32_t *lp;
 
        ump = VFSTOUFS(mp);
@@ -668,7 +669,7 @@ ffs_reload(struct mount *mp, struct thre
                size += fs->fs_ncg * sizeof(int32_t);
        size += fs->fs_ncg * sizeof(u_int8_t);
        free(fs->fs_csp, M_UFSMNT);
-       space = malloc((u_long)size, M_UFSMNT, M_WAITOK);
+       space = malloc(size, M_UFSMNT, M_WAITOK);
        fs->fs_csp = space;
        for (i = 0; i < blks; i += fs->fs_frag) {
                size = fs->fs_bsize;
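Review bot: Making `size` a `u_long` removes the signed `int` overflow, but `size += fs->fs_ncg * sizeof(int32_t)` still adds superblock fields with no range check visible in this hunk. Where `u_long` is 32 bits the sum can still wrap, and `malloc(size, M_UFSMNT, M_WAITOK)` would then return a buffer smaller than the loop that follows appears to fill. Consider validating `fs_ncg` and the initial size against an upper bound before the accumulation, returning an error on failure, for example `if (fs->fs_ncg > (ULONG_MAX - size) / (sizeof(int32_t) + sizeof(u_int8_t))) return (EINVAL);`. The same computation in ffs_mountfs (hunk `@@ -924,7 +926,7 @@`) needs the same check. The start of the size calculation and the loop body are outside this hunk.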
@@ -761,7 +762,8 @@ ffs_mountfs(devvp, mp, td)
        struct cdev *dev;
        void *space;
        ufs2_daddr_t sblockloc;
-       int error, i, blks, size, ronly;
+       int error, i, blks, len, ronly;
+       u_long size;
        int32_t *lp;
        struct ucred *cred;
        struct g_consumer *cp;
@@ -868,11 +870,11 @@ ffs_mountfs(devvp, mp, td)
                /*
                 * Get journal provider name.
                 */
-               size = 1024;
-               mp->mnt_gjprovider = malloc(size, M_UFSMNT, M_WAITOK);
-               if (g_io_getattr("GJOURNAL::provider", cp, &size,
+               len = 1024;
+               mp->mnt_gjprovider = malloc((u_long)len, M_UFSMNT, M_WAITOK);
+               if (g_io_getattr("GJOURNAL::provider", cp, &len,
                    mp->mnt_gjprovider) == 0) {
-                       mp->mnt_gjprovider = realloc(mp->mnt_gjprovider, size,
+                       mp->mnt_gjprovider = realloc(mp->mnt_gjprovider, len,
                            M_UFSMNT, M_WAITOK);
                        MNT_ILOCK(mp);
                        mp->mnt_flag |= MNT_GJOURNAL;
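Review bot: After `g_io_getattr` succeeds, the returned `len` is passed directly to `realloc(mp->mnt_gjprovider, len, M_UFSMNT, M_WAITOK)` without checking that it is positive and no larger than the 1024 bytes requested. `len` is a signed `int` and, unlike the `malloc((u_long)len, ...)` call above it, the `realloc` converts it implicitly, so an unexpected value would become the allocation size unnoticed. A guard such as `if (len <= 0 || len > 1024)` before the `realloc`, handled like the failure path, would make the assumption explicit. It is also worth confirming that the shrunken buffer still contains the provider name's terminating NUL. The rest of this branch is outside the hunk.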
@@ -924,7 +926,7 @@ ffs_mountfs(devvp, mp, td)
        if (fs->fs_contigsumsize > 0)
                size += fs->fs_ncg * sizeof(int32_t);
        size += fs->fs_ncg * sizeof(u_int8_t);
-       space = malloc((u_long)size, M_UFSMNT, M_WAITOK);
+       space = malloc(size, M_UFSMNT, M_WAITOK);
        fs->fs_csp = space;
        for (i = 0; i < blks; i += fs->fs_frag) {
                size = fs->fs_bsize;
@@ -1009,8 +1011,8 @@ ffs_mountfs(devvp, mp, td)
 #endif
        }
        if ((fs->fs_flags & FS_TRIM) != 0) {
-               size = sizeof(int);
-               if (g_io_getattr("GEOM::candelete", cp, &size,
+               len = sizeof(int);
+               if (g_io_getattr("GEOM::candelete", cp, &len,
                    &ump->um_candelete) == 0) {
                        if (!ump->um_candelete)
                                printf("WARNING: %s: TRIM flag on fs but disk "
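Review bot: `len = sizeof(int)` hard-codes the size of the destination, while the buffer passed is `&ump->um_candelete`, whose declaration is not visible here. Tying the length to the field, `len = sizeof(ump->um_candelete);`, keeps the two in step if the field's type ever changes and prevents `g_io_getattr` from writing past it. The value of `len` after the call is not checked either, so a short reply would leave part of `um_candelete` as it was before; whether it is initialised earlier cannot be seen from this hunk. The `printf` and the rest of the branch continue outside the hunk.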