NetBSD-Bugs archive
Re: port-vax/41315: off by one error in vfs_dirhash.c
The following reply was made to PR kern/41315; it has been noted by GNATS.
From: christos%zoulas.com@localhost (Christos Zoulas)
To: gnats-bugs%NetBSD.org@localhost, port-vax-maintainer%netbsd.org@localhost,
gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Cc:
Subject: Re: port-vax/41315: off by one error in vfs_dirhash.c
Date: Fri, 1 May 2009 10:35:16 -0400
On May 1, 2:55am, lidl%pix.net@localhost (lidl%pix.net@localhost) wrote:
-- Subject: port-vax/41315: off by one error in vfs_dirhash.c
| >Number: 41315
| >Category: port-vax
| >Synopsis: off by one error in vfs_dirhash.c
| >Confidential: no
| >Severity: serious
| >Priority: medium
| >Responsible: port-vax-maintainer
| >State: open
| >Class: sw-bug
| >Submitter-Id: net
| >Arrival-Date: Fri May 01 02:55:00 +0000 2009
| >Originator: Kurt Lidl
| >Release: netbsd-5-RC4
| >Organization:
| >Environment:
| cross-compile of netbsd-5-RC4 from solaris for a vax
| I noticed the problem compiling for a vax, but it's
| a MI kernel file.
| >Description:
| I whacked up a gcc 4.4.1-prerelease to build the netbsd-vax
| tree. (I've not updated to netbsd-5 release, but will soon.)
|
| Anyway, it complains thusly:
|
| # compile GENERIC/ncr53c9x.o
| /nbsd/vax-5/tools/bin/vax--netbsdelf-gcc -fno-pic -ffreestanding # compile
|   GENERIC/vfs_dirhash.o
| /nbsd/vax-5/tools/bin/vax--netbsdelf-gcc -fno-pic -ffreestanding
|   -fno-zero-initialized-in-bss -g -pipe -O2 -std=gnu99 -fno-strict-aliasing
|   -Werror -Wall -Wno-main -Wno-format-zero-length -Wpointer-arith
|   -Wmissing-prototypes -Wstrict-prototypes -Wswitch -Wshadow -Wcast-qual
|   -Wwrite-strings -Wno-unreachable-code -Wno-sign-compare -Wno-pointer-sign
|   -Wno-attributes -Werror -D_VAX_INLINE_ -I. -I/nbsd/nbsd-5/sys/../common/include
|   -I/nbsd/nbsd-5/sys/arch -I/nbsd/nbsd-5/sys -nostdinc -DLKM -DMAXUSERS=8
|   -D_KERNEL -D_KERNEL_OPT
|   -I/nbsd/nbsd-5/sys/lib/libkern/../../../common/lib/libc/quad
|   -I/nbsd/nbsd-5/sys/lib/libkern/../../../common/lib/libc/string
|   -I/nbsd/nbsd-5/sys/lib/libkern/../../../common/lib/libc/arch/vax/string
|   -I/nbsd/nbsd-5/sys/dist/ipf -c /nbsd/nbsd-5/sys/kern/vfs_dirhash.c
| cc1: warnings being treated as errors
| /nbsd/nbsd-5/sys/kern/vfs_dirhash.c: In function 'dirhash_purge_entries':
| /nbsd/nbsd-5/sys/kern/vfs_dirhash.c:166: error: array subscript is above array bounds
|
|
| >How-To-Repeat:
| Do the above compile.
|
| >Fix:
| Looking at the code, a loop runs through the hash entries, and
| stops when the index reaches max value. Of course, the index value is
| incremented once more (past the end of the array) and that
| value is then used later.
|
| Backing up the index counter by one should avoid the problem.
|
| Index: sys/kern/vfs_dirhash.c
| ===================================================================
| RCS file: /cvsroot/src/sys/kern/vfs_dirhash.c,v
| retrieving revision 1.4.2.5
| diff -u -3 -r1.4.2.5 vfs_dirhash.c
| --- sys/kern/vfs_dirhash.c 6 Jan 2009 23:01:49 -0000 1.4.2.5
| +++ sys/kern/vfs_dirhash.c 30 Apr 2009 02:45:47 -0000
| @@ -159,6 +159,7 @@
| }
| }
| dirh_e = LIST_FIRST(&dirh->free_entries);
| + hashline--;
|
| while (dirh_e) {
| LIST_REMOVE(dirh_e, next);
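Review bot: the added `hashline--` between `dirh_e = LIST_FIRST(&dirh->free_entries);` and `while (dirh_e) {` silences the bounds warning by pointing the index at the last bucket, but it does not explain why a bucket index is needed at all once the code has moved on to `free_entries`. If the later use is the re-fetch of the next element inside this second loop, that re-fetch should read `LIST_FIRST(&dirh->free_entries)` and `hashline` should not be referenced after the first loop; otherwise the loop would be draining the free list while consulting an unrelated bucket. Failing that, the decrement at least needs a comment stating the invariant it relies on (the preceding loop always exits with the index one past the last bucket).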
We should pull in the fix from head.
christos
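
The pattern described in the PR's Fix section (a bucket index that is one past the end after the loop and then reused), shown as an added example that is not NetBSD code and not part of the original thread. `struct dirhash_model`, `HASHSIZE`, `push`, `drain` and `purge` are hypothetical names; the purge scopes the index to the loop and drains the free list through its own head.

```c
#include <stddef.h>
#include <stdlib.h>

#define HASHSIZE 4                      /* constructed bucket count */
struct entry { struct entry *next; };
struct dirhash_model {                  /* hypothetical stand-in, not the kernel struct */
    struct entry *entries[HASHSIZE], *free_entries;
};

/* Push n freshly allocated nodes onto a list (constructed sample data). */
static void push(struct entry **head, int n)
{
    while (n-- > 0) {
        struct entry *e = malloc(sizeof *e);
        if (e == NULL) abort();
        e->next = *head;
        *head = e;
    }
}

/* Pop and free every node on one list; returns how many were freed. */
static int drain(struct entry **head)
{
    int n = 0;
    for (struct entry *e; (e = *head) != NULL; n++) {
        *head = e->next;
        free(e);
    }
    return n;
}

/* Purge all buckets, then the free list. The index lives only inside the
 * for statement, so its post-loop value (== HASHSIZE) cannot be reused. */
static int purge(struct dirhash_model *d)
{
    int freed = 0;
    for (size_t i = 0; i < HASHSIZE; i++)
        freed += drain(&d->entries[i]);
    freed += drain(&d->free_entries);   /* own list head, no bucket index */
    return freed;
}

int main(void)
{
    struct dirhash_model d = {0};
    for (size_t i = 0; i < HASHSIZE; i++)
        push(&d.entries[i], 2);
    push(&d.free_entries, 3);
    return purge(&d) == 2 * HASHSIZE + 3 ? 0 : 1;
}
```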