Subject: kern/30394: fsck_lfs uninitialized var may result in FS corruption
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <lukem@NetBSD.org>
List: netbsd-bugs
Date: 06/02/2005 01:11:00
>Number:         30394
>Category:       kern
>Synopsis:       fsck_lfs uninitialized var may result in FS corruption
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 02 01:11:00 +0000 2005
>Originator:     Luke Mewburn
>Release:        NetBSD 3.0_BETA
>Organization:
TNF
>Environment:
Architecture: i386
Machine: i386
>Description:
	fsck_lfs/dir.c::expanddir() uses the variable newblk
	as an argument to bread() before initializing newblk.
	AFAICT, this means that a random block will be read
	and scribbled over when the directory is expanded.

	This bug appears to have been introduced in rev 1.8, where
	the following initialization was removed from line ~550:
		 if ((newblk = allocblk(sblock.lfs_frag)) == 0)
			return (0);

	I'm not 100% certain that adding this back in is the
	correct fix, so I'm submitting this PR for review by
	the LFS gurus.
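
	As an added illustration (not fsck_lfs code, and not part of
	the original PR), the following models the pattern described
	above on a constructed in-memory "disk": a directory-expansion
	routine must obtain a fresh block from the allocator, and check
	that allocation succeeded, before handing the block number to
	bread(). allocblk(), bread(), bwrite() and expanddir_fixed() are
	hypothetical stand-ins for the real routines; block 0 is treated
	as the allocator's failure value, matching the removed check.

```c
/* Added example, not fsck_lfs code. Models the block-allocation check
 * that the PR says was removed from expanddir(): the block number
 * passed to bread() must come from a successful allocblk() call. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NBLOCKS 8
#define BSIZE   32

/* Constructed in-memory "disk" and allocation map (hypothetical). */
static uint8_t disk[NBLOCKS][BSIZE];
static uint8_t inuse[NBLOCKS];

void disk_reset(void) {
    memset(disk, 0, sizeof disk);
    memset(inuse, 0, sizeof inuse);
    inuse[0] = 1;               /* block 0 reserved: 0 means "no block" */
}

/* Mark blk as already holding data (fill byte), as an existing file would. */
void mark_used(uint32_t blk, uint8_t fill) {
    inuse[blk] = 1;
    memset(disk[blk], fill, BSIZE);
}

/* Hypothetical allocator: first free block, or 0 when the disk is full. */
uint32_t allocblk(void) {
    for (uint32_t b = 1; b < NBLOCKS; b++)
        if (!inuse[b]) { inuse[b] = 1; return b; }
    return 0;
}

/* Hypothetical bread/bwrite: copy a whole block; return 0 on success. */
int bread(uint32_t blk, uint8_t *buf) {
    if (blk >= NBLOCKS) return -1;
    memcpy(buf, disk[blk], BSIZE);
    return 0;
}
int bwrite(uint32_t blk, const uint8_t *buf) {
    if (blk >= NBLOCKS) return -1;
    memcpy(disk[blk], buf, BSIZE);
    return 0;
}

/* Directory expansion with the initialization restored. Without the
 * allocblk() line, newblk would be whatever was on the stack and bread()
 * would fetch (and the write below would scribble over) an arbitrary
 * block. Returns the new block number, or 0 on failure. */
uint32_t expanddir_fixed(const uint8_t *entry, size_t len) {
    uint32_t newblk;
    uint8_t buf[BSIZE];

    if (len > BSIZE) return 0;
    if ((newblk = allocblk()) == 0)   /* the check the PR quotes */
        return 0;
    if (bread(newblk, buf) != 0)
        return 0;
    memset(buf, 0, BSIZE);            /* fresh directory block */
    memcpy(buf, entry, len);
    if (bwrite(newblk, buf) != 0)
        return 0;
    return newblk;
}

/* Test helpers: was an existing block left untouched, and does the new
 * block carry the entry that was written? */
int block_intact(uint32_t blk, uint8_t fill) {
    for (size_t i = 0; i < BSIZE; i++)
        if (disk[blk][i] != fill) return 0;
    return 1;
}
int block_has(uint32_t blk, const uint8_t *data, size_t len) {
    return len <= BSIZE && memcmp(disk[blk], data, len) == 0;
}

int main(void) {
    disk_reset();
    mark_used(1, 0xAB);
    mark_used(2, 0xCD);
    uint32_t nb = expanddir_fixed((const uint8_t *)"dirent", 7);
    printf("new directory block: %u (blocks 1,2 intact: %d %d)\n",
           nb, block_intact(1, 0xAB), block_intact(2, 0xCD));
    return 0;
}
```

	With the check in place, an exhausted disk makes expanddir_fixed()
	return 0 instead of reading and overwriting a block it does not own.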

>How-To-Repeat:
	Add
		CFLAGS+=-Wuninitialized
	at the end of the Makefile.
	(Note that <bsd.sys.mk> currently adds -Wno-uninitialized
	to CFLAGS, so you have to add it this way.)
	Attempt to compile.
	Inspect code.

>Fix:
	carefully.