Module Name:    src
Committed By:   reinoud
Date:           Sat Mar 21 13:39:31 UTC 2020

Modified Files:
        src/sys/fs/nilfs: nilfs_subr.c

Log Message:
Fix use-after-free issue!


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/fs/nilfs/nilfs_subr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/nilfs/nilfs_subr.c
diff -u src/sys/fs/nilfs/nilfs_subr.c:1.14 src/sys/fs/nilfs/nilfs_subr.c:1.15
--- src/sys/fs/nilfs/nilfs_subr.c:1.14	Sun Mar 29 14:12:28 2015
+++ src/sys/fs/nilfs/nilfs_subr.c	Sat Mar 21 13:39:31 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: nilfs_subr.c,v 1.14 2015/03/29 14:12:28 riastradh Exp $ */
+/* $NetBSD: nilfs_subr.c,v 1.15 2020/03/21 13:39:31 reinoud Exp $ */
 
 /*
  * Copyright (c) 2008, 2009 Reinoud Zandijk
@@ -28,7 +28,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: nilfs_subr.c,v 1.14 2015/03/29 14:12:28 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nilfs_subr.c,v 1.15 2020/03/21 13:39:31 reinoud Exp $");
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -230,6 +230,7 @@ nilfs_btree_lookup_level(struct nilfs_no
 	dptrs = dkeys + NILFS_BTREE_NODE_NCHILDREN_MAX(nilfsdev->blocksize);
 
 	assert((btree_hdr->bn_flags & NILFS_BTREE_NODE_ROOT) == 0);
+	assert((btree_hdr->bn_level == level));
 
 	/* select matching child XXX could use binary search */
 	selected = 0;
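Review bot: The added `assert((btree_hdr->bn_level == level));` checks a value that appears to be read from an on-disk B-tree node, so a corrupt or crafted image either panics the kernel or, in builds where asserts are compiled out, goes unnoticed. Because the later hunk in this function now recurses with `level-1` instead of the on-disk level, a mismatch is better treated as a filesystem error than asserted, e.g. `if (btree_hdr->bn_level != level) { brelse(bp, BC_AGE); return EIO; }`. The function starts and ends outside this hunk, so the return convention and whether `level` is bounded below before the recursion need confirming there. The doubled parentheses in the assert can also be dropped.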
@@ -253,7 +254,7 @@ nilfs_btree_lookup_level(struct nilfs_no
 	brelse(bp, BC_AGE);
 
 	return nilfs_btree_lookup_level(node, lblocknr,
-			child_btree_blk, btree_hdr->bn_level-1, vblocknr);
+			child_btree_blk, level-1, vblocknr);
 }
 
 
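Review bot: Nothing at the `brelse(bp, BC_AGE)` call records that `btree_hdr` must not be dereferenced afterwards, which is the mistake this commit corrects. A short comment above the return, such as `/* btree_hdr points into bp's data and is invalid after brelse() */`, would help keep it from being reintroduced. That `btree_hdr` aliases the buffer is inferred from the commit message, since its assignment is outside the hunk. It is also worth confirming there that `child_btree_blk` is a copied value and not a pointer into the released buffer.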
@@ -686,9 +687,10 @@ nilfs_get_node_raw(struct nilfs_device *
 
 	/* fixup inode size for system nodes */
 	if ((ino < NILFS_USER_INO) && (ino != NILFS_ROOT_INO)) {
-		DPRINTF(VOLUMES, ("NEED TO GET my size for inode %"PRIu64"\n",
+		DPRINTF(VOLUMES, ("NEED TO GET my size for inode %"PRIu64"?\n",
 			ino));
 		/* for now set it to maximum, -1 is illegal */
+		DPRINTF(VOLUMES, ("  current size of inode is %"PRIu64"\n", inode->i_size));
 		inode->i_size = nilfs_rw64(((uint64_t) -2));
 	}
 
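Review bot: The new debug line prints `inode->i_size` raw, while the assignment directly below stores the field through `nilfs_rw64()`, which suggests the field is kept in on-disk byte order. If so, the printed size is wrong on hosts whose byte order differs from the disk format; `DPRINTF(VOLUMES, ("  current size of inode is %"PRIu64"\n", nilfs_rw64(inode->i_size)));` would print the host value. The line also sits between the comment `/* for now set it to maximum, -1 is illegal */` and the assignment that comment describes, so moving it above the comment keeps the two together.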
