Subject: bin/36613: newfs: wrong value used for loop max when initializing the first 2 blocks of inodes
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <Todd.Miller@courtesan.com>
List: netbsd-bugs
Date: 07/07/2007 10:30:00
>Number: 36613
>Category: bin
>Synopsis: newfs: wrong value used for loop max when initializing the first 2 blocks of inodes
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jul 07 10:30:00 +0000 2007
>Originator: Todd C. Miller
>Release: -current
>Organization:
>Environment:
>Description:
In newfs/mkfs.c the wrong value is used for the loop maximum when initializing the first 2 blocks of inodes in initcg(). The bug is unlikely to surface since sblock.fs_ipg < 2 * INOPB(&sblock) in just about any conceivable case.
The enclosed diff (which you'll have to apply by hand since this is a web submission) also makes the assignment of acg.cg_initediblk use MIN() for consistency.
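The two loop bounds from the diff below, evaluated side by side, as an added example that is not part of the PR or of the NetBSD sources. Superblock fields are replaced by plain parameters, and the inode sizes (128 bytes for a UFS1 dinode, 256 for UFS2) and the 16 KiB block size are assumed sample values:

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not NetBSD code: the two loop bounds from the PR side by side.
 * Superblock fields are replaced by plain parameters; the inode sizes used in
 * main() are assumed (128 bytes for a UFS1 dinode, 256 for UFS2). */

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Inodes per filesystem block, the quantity INOPB(&sblock) yields in mkfs.c. */
uint32_t inodes_per_block(uint32_t fs_bsize, uint32_t inode_size)
{
	return fs_bsize / inode_size;
}

/* Bound as written before the patch: MIN(fs_ipg, 2) * INOPB.
 * For any fs_ipg >= 2 this is simply 2 * INOPB, whatever fs_ipg is. */
uint32_t old_loop_max(uint32_t fs_ipg, uint32_t inopb)
{
	return MIN(fs_ipg, 2) * inopb;
}

/* Bound as written after the patch: MIN(fs_ipg, 2 * INOPB),
 * the same expression the first hunk now assigns to cg_initediblk. */
uint32_t new_loop_max(uint32_t fs_ipg, uint32_t inopb)
{
	return MIN(fs_ipg, 2 * inopb);
}

/* Both bounds are at most 2 * INOPB, i.e. the two inode blocks the loop walks,
 * which is why the original form over-initialises but does not run off the buffer. */
int fits_in_two_blocks(uint32_t n, uint32_t inopb)
{
	return n <= 2 * inopb;
}

int main(void)
{
	/* Constructed sample: 16 KiB blocks, UFS2 inodes -> 64 inodes per block. */
	uint32_t inopb = inodes_per_block(16384, 256);
	uint32_t samples[] = { 1, 100, 128, 4096 };
	size_t i;

	printf("INOPB = %u\n", inopb);
	for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		uint32_t ipg = samples[i];
		printf("fs_ipg=%5u  old=%4u  new=%4u  %s\n", ipg,
		    old_loop_max(ipg, inopb), new_loop_max(ipg, inopb),
		    old_loop_max(ipg, inopb) == new_loop_max(ipg, inopb)
			? "same" : "differs");
	}
	return 0;
}
```

The bounds agree whenever fs_ipg is at least 2 * INOPB (the normal case) and differ only for small fs_ipg, where the old form initialises generation numbers for inodes past fs_ipg; since neither bound exceeds 2 * INOPB, the extra iterations stay inside the two blocks.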
>How-To-Repeat:
inspect code, exclaim eureka
>Fix:
Index: mkfs.c
===================================================================
RCS file: /home/cvs/netbsd/src/sbin/newfs/mkfs.c,v
retrieving revision 1.102
diff -u -r1.102 mkfs.c
--- mkfs.c 16 Oct 2006 03:04:45 -0000 1.102
+++ mkfs.c 7 Jul 2007 08:20:46 -0000
@@ -769,8 +769,7 @@
if (Oflag == 2) {
acg.cg_time = tv->tv_sec;
acg.cg_niblk = sblock.fs_ipg;
- acg.cg_initediblk = sblock.fs_ipg < 2 * INOPB(&sblock) ?
- sblock.fs_ipg : 2 * INOPB(&sblock);
+ acg.cg_initediblk = MIN(sblock.fs_ipg, 2 * INOPB(&sblock));
acg.cg_iusedoff = start;
} else {
acg.cg_old_ncyl = sblock.fs_old_cpg;
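Review bot: the rewrite of the cg_initediblk assignment is value-preserving (the ternary and MIN() yield the same result for the same operands), and MIN() is already used in this file by the for loop in the second hunk, so no additional header is needed; the only point worth noting is that this hunk is purely cosmetic and could be committed separately from the bug fix below if a minimal change is preferred.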
@@ -916,7 +915,7 @@
start += sblock.fs_bsize;
dp1 = (struct ufs1_dinode *)(&iobuf[start]);
dp2 = (struct ufs2_dinode *)(&iobuf[start]);
- for (i = MIN(sblock.fs_ipg, 2) * INOPB(&sblock); i != 0; i--) {
+ for (i = MIN(sblock.fs_ipg, 2 * INOPB(&sblock)); i != 0; i--) {
if (sblock.fs_magic == FS_UFS1_MAGIC) {
/* No need to swap, it'll stay random */
dp1->di_gen = arc4random() & INT32_MAX;
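Review bot: the old bound `MIN(sblock.fs_ipg, 2) * INOPB(&sblock)` collapses to 2 * INOPB for any fs_ipg >= 2, so the loop initialised di_gen for up to 2 * INOPB inodes even when fs_ipg was smaller; the corrected `MIN(sblock.fs_ipg, 2 * INOPB(&sblock))` caps the count at fs_ipg and matches the value assigned to cg_initediblk in the first hunk, which is the consistency this loop should have. Since both forms are bounded by 2 * INOPB and `start` was just advanced past the two inode blocks, the loop never left the buffer, so this is a correctness fix rather than a memory-safety one, which agrees with the non-critical severity.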