NetBSD-Bugs archive


Re: port-vax/41315: off by one error in vfs_dirhash.c



On May 1,  2:55am, lidl%pix.net@localhost (lidl%pix.net@localhost) wrote:
-- Subject: port-vax/41315: off by one error in vfs_dirhash.c

| >Number:         41315
| >Category:       port-vax
| >Synopsis:       off by one error in vfs_dirhash.c
| >Confidential:   no
| >Severity:       serious
| >Priority:       medium
| >Responsible:    port-vax-maintainer
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Fri May 01 02:55:00 +0000 2009
| >Originator:     Kurt Lidl
| >Release:        netbsd-5-RC4
| >Organization:
| >Environment:
| cross-compile of netbsd-5-RC4 from solaris for a vax
| I noticed the problem compiling for a vax, but it's
| a MI kernel file.
| >Description:
| I whacked up a gcc 4.4.1-prerelease to build the netbsd-vax
| tree.  (I've not updated to netbsd-5 release, but will soon.)
| 
| Anyway, it complains thusly:
| 
| #   compile  GENERIC/ncr53c9x.o
| /nbsd/vax-5/tools/bin/vax--netbsdelf-gcc -fno-pic -ffreestanding #   compile  
GENERIC/vfs_dirhash.o
| /nbsd/vax-5/tools/bin/vax--netbsdelf-gcc -fno-pic -ffreestanding 
-fno-zero-initialized-in-bss -g -pipe -O2 -std=gnu99 -fno-strict-aliasing 
-Werror -Wall -Wno-main -Wno-format-zero-length -Wpointer-arith 
-Wmissing-prototypes -Wstrict-prototypes -Wswitch -Wshadow -Wcast-qual 
-Wwrite-strings -Wno-unreachable-code -Wno-sign-compare -Wno-pointer-sign 
-Wno-attributes -Werror -D_VAX_INLINE_ -I. -I/nbsd/nbsd-5/sys/../common/include 
-I/nbsd/nbsd-5/sys/arch -I/nbsd/nbsd-5/sys -nostdinc -DLKM -DMAXUSERS=8 
-D_KERNEL -D_KERNEL_OPT 
-I/nbsd/nbsd-5/sys/lib/libkern/../../../common/lib/libc/quad 
-I/nbsd/nbsd-5/sys/lib/libkern/../../../common/lib/libc/string 
-I/nbsd/nbsd-5/sys/lib/libkern/../../../common/lib/libc/arch/vax/string 
-I/nbsd/nbsd-5/sys/dist/ipf -c /nbsd/nbsd-5/sys/kern/vfs_dirhash.c
| cc1: warnings being treated as errors
| /nbsd/nbsd-5/sys/kern/vfs_dirhash.c: In function 'dirhash_purge_entries':
| /nbsd/nbsd-5/sys/kern/vfs_dirhash.c:166: error: array subscript is above 
array bounds
| 
| 
| >How-To-Repeat:
| Do the above compile.
| 
| >Fix:
| Looking at the code, a loop runs through the hash entries, and
| stops when the index reaches max value.  Of course, the index value is
| incremented once more (past the end of the array) and that
| value is then used later.
| 
| Backing up the index counter by one should avoid the problem.
| 
| Index: sys/kern/vfs_dirhash.c
| ===================================================================
| RCS file: /cvsroot/src/sys/kern/vfs_dirhash.c,v
| retrieving revision 1.4.2.5
| diff -u -3 -r1.4.2.5 vfs_dirhash.c
| --- sys/kern/vfs_dirhash.c      6 Jan 2009 23:01:49 -0000       1.4.2.5
| +++ sys/kern/vfs_dirhash.c      30 Apr 2009 02:45:47 -0000
| @@ -159,6 +159,7 @@
|                 }
|         }
|         dirh_e = LIST_FIRST(&dirh->free_entries);
| +       hashline--;
| 
|         while (dirh_e) {
|                 LIST_REMOVE(dirh_e, next);
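
Review bot: The added `hashline--;` corrects the counter after the fact, with no comment and no bounds check, and it sits between the `dirh_e = LIST_FIRST(&dirh->free_entries);` assignment and the `while (dirh_e)` loop that consumes it, where it reads as related to the free-entry walk. The adjustment is only right if the preceding loop always ends with `hashline` exactly one past the last valid slot; the hunk shows neither that loop nor the later use of `hashline`, so a reader cannot verify this from here. Consider moving the statement up to directly follow the loop it compensates for, adding a comment saying which later access needs it, and adding a KASSERT that `hashline` is below the table size before that access, or restructuring so the later code does not depend on the post-loop counter value at all.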

We should pull in the fix from head.

christos


