[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug#78364: marked as done (hurd: lookup for names > diskfs_name_max kill
|
From: |
Debian Bug Tracking System |
|
Subject: |
Bug#78364: marked as done (hurd: lookup for names > diskfs_name_max kills filesystem) |
|
Date: |
Thu, 30 Nov 2000 13:18:27 -0600 |
Your message dated Thu, 30 Nov 2000 20:14:56 +0100
with message-id <20001130201456.A371@ulysses.dhis.net>
and subject line hurd: lookup for names > diskfs_name_max kills filesystem
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Darren Benham
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Nov 2000 22:16:59 +0000
>From Marcus.Brinkmann@ruhr-uni-bochum.de Wed Nov 29 16:16:59 2000
Return-path: <Marcus.Brinkmann@ruhr-uni-bochum.de>
Received: from (c3po.terralink.de) [194.97.37.23] (qmailr)
by master.debian.org with smtp (Exim 3.12 1 (Debian))
id 141FX9-0007LE-00; Wed, 29 Nov 2000 16:16:59 -0600
Received: (qmail 1948 invoked from network); 29 Nov 2000 22:16:53 -0000
Received: from 213?21?42?69.surf-callino.de (HELO localhost) (mail@213.21.42.69)
by c3po.t-link.de with SMTP; 29 Nov 2000 22:16:53 -0000
Received: from marcus by localhost with local (Exim 3.16 #1 (Debian))
id 141FY4-00008J-00; Wed, 29 Nov 2000 23:17:56 +0100
From: Marcus.Brinkmann@ruhr-uni-bochum.de
Subject: hurd: lookup for names > diskfs_name_max kills filesystem
To: submit@bugs.debian.org
X-Mailer: bug 3.2.9
Message-Id: <E141FY4-00008J-00@localhost>
Date: Wed, 29 Nov 2000 23:17:56 +0100
Organization: Marcus Brinkmann's Home
Delivered-To: submit@bugs.debian.org
Package: hurd
Version: N/A
Severity: normal
Hi,
touch [ALT+256] x
crashes the filesystem. Further debugging showed that the crash happens
immediately after diskfs_S_dir_lookup is called, in the destructor.
The destuctor for dir_lookup is in libdiskfs/priv.h, it is:
extern inline void
end_using_protid_port (struct protid *cred)
{
if (cred)
ports_port_deref (cred);
}
The crash happens in ports_port_deref, when trying to derefence pi, which is
just cred but interpreted as a pointer to a struct port_info.
Now, that's weird. It crashes with E_BAD_ACCESS in ports_port_deref, because
it can't access the memory at cred. I verified that in _Xdir_lookup
start_dir = begin_using_protid_port(In0P->Head.msgh_request_port);
OutP->RetCode = diskfs_S_dir_lookup(start_dir, In0P->file_name,
In0P->flags, In0P->mode, &OutP->do_retry, OutP->retry_name, &OutP->result,
&resultPoly);
end_using_protid_port(start_dir);
the value of start_dir isn't mangled (wouldn't make sense anyway).
It is the same for diskfs_S_dir_lookup as for end_using_protid_port.
Maybe the memory at this location is accidently freed? How could this
happen? I single stepped through diskfs_S_dir_lookup and diskfs_lookup,
without seeing anything special.
Any hints appreciated,
Marcus
-- System Information
Debian Release: 2.2
Kernel Version: Linux ulysses 2.4.0-test9 #1 Mon Okt 30 20:36:05 CET 2000 i686
unknown
---------------------------------------
Received: (at 78364-done) by bugs.debian.org; 30 Nov 2000 19:12:08 +0000
>From Marcus.Brinkmann@ruhr-uni-bochum.de Thu Nov 30 13:12:08 2000
Return-path: <Marcus.Brinkmann@ruhr-uni-bochum.de>
Received: from (c3po.terralink.de) [194.97.37.23] (qmailr)
by master.debian.org with smtp (Exim 3.12 1 (Debian))
id 141Z7n-0005bK-00; Thu, 30 Nov 2000 13:12:07 -0600
Received: (qmail 12592 invoked from network); 30 Nov 2000 19:12:01 -0000
Received: from 213?21?44?245.surf-callino.de (HELO localhost)
(mail@213.21.44.245)
by c3po.t-link.de with SMTP; 30 Nov 2000 19:12:01 -0000
Received: from marcus by localhost with local (Exim 3.16 #1 (Debian))
for 78364-done@bugs.debian.org
id 141ZAW-0000Ar-00; Thu, 30 Nov 2000 20:14:56 +0100
Date: Thu, 30 Nov 2000 20:14:56 +0100
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
To: 78364-done@bugs.debian.org
Subject: Re: hurd: lookup for names > diskfs_name_max kills filesystem
Message-ID: <20001130201456.A371@ulysses.dhis.net>
References: <E141FY4-00008J-00@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.4i
In-Reply-To: <E141FY4-00008J-00@localhost>; from
Marcus.Brinkmann@ruhr-uni-bochum.de on Wed, Nov 29, 2000 at 11:17:56PM +0100
Organization: Marcus Brinkmann's Home
Delivered-To: 78364-done@bugs.debian.org
On Wed, Nov 29, 2000 at 11:17:56PM +0100, Marcus.Brinkmann@ruhr-uni-bochum.de
wrote:
> touch [ALT+256] x
>
> crashes the filesystem.
The reason is that struct dirstat *ds is not cleared and contains bogus
information. This frees some random memory in diskfs_drop_dir_stat.
The following chnage fixes that:
ext2fs, ufs:
2000-11-30 Marcus Brinkmann <marcus@gnu.org>
* dir.c (diskfs_lookup_hard): If name is too long, clear
DS before returning ENAMETOOLONG.
Marcus
--
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann GNU http://www.gnu.org marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de