NetBSD Problem Report #26637

Received: (qmail 5163 invoked by uid 605); 13 Aug 2004 08:17:49 -0000
Message-Id: <20040813081745.4E0C63F457@dev1.tabemo.com>
Date: Fri, 13 Aug 2004 17:17:45 +0900 (JST)
From: cjs@netbsd.org
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: cjs@tabemo.com
To: gnats-bugs@gnats.NetBSD.org
Subject: newfs reads/writes blocks smaller than the sector size
X-Send-Pr-Version: 3.95

>Number:         26637
>Category:       bin
>Synopsis:       newfs reads/writes blocks smaller than the sector size
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Aug 13 08:18:00 +0000 2004
>Closed-Date:    
>Last-Modified:  
>Originator:     Curt Sampson
>Release:        NetBSD 2.0_BETA Mon Jul 12 01:40:25 UTC 2004
>Organization:
>Environment:
System: NetBSD dev1.tabemo.com 2.0_BETA NetBSD 2.0_BETA (GENERIC) #0: Mon Jul 12 01:40:25 UTC 2004 autobuild@tgm.netbsd.org:/autobuild/netbsd-2-0/i386/OBJ/autobuild/netbsd-2-0/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:

    newfs, when trying to create a new filesystem, at one point attempts
    to read and possibly write a buffer that is potentially smaller than
    the sector size of the device.

>How-To-Repeat:

    Attempt to newfs a DVD-RAM or anything else with a 2048 byte or larger
    sector size.

>Fix:

Here's a patch against 2.0-beta:

Index: mkfs.c
===================================================================
RCS file: /cvsroot/src/sbin/newfs/mkfs.c,v
retrieving revision 1.87.2.1
diff -u -r1.87.2.1 mkfs.c
--- mkfs.c	27 Apr 2004 17:26:24 -0000	1.87.2.1
+++ mkfs.c	13 Aug 2004 08:17:20 -0000
@@ -171,6 +171,9 @@
 	long long sizepb;
 	int nprintcols, printcolwidth;

+	struct appleufslabel *appleufs;
+	int appleufs_bufsize;
+
 #ifndef STANDALONE
 	gettimeofday(&tv, NULL);
 #endif
@@ -605,23 +608,34 @@
 			zap_old_sblock(roundup(sblkoff, sz));
 	}

+	if (sectorsize > APPLEUFS_LABEL_SIZE)
+		appleufs_bufsize = sectorsize;
+	else
+		appleufs_bufsize = APPLEUFS_LABEL_SIZE;
+	appleufs = malloc(appleufs_bufsize);
+	if (appleufs == NULL) {
+		printf("Out of memory.\n");
+		exit(1);
+	}
+
 	if (isappleufs) {
-		struct appleufslabel appleufs;
-		ffs_appleufs_set(&appleufs, appleufs_volname, tv.tv_sec, 0);
-		wtfs(APPLEUFS_LABEL_OFFSET/sectorsize, APPLEUFS_LABEL_SIZE, 
-		    &appleufs);
+		ffs_appleufs_set(appleufs, appleufs_volname, tv.tv_sec, 0);
+		wtfs(APPLEUFS_LABEL_OFFSET/sectorsize, appleufs_bufsize, 
+		    appleufs);
+		free(appleufs);
 	} else {
-		struct appleufslabel appleufs;
 		/* Look for and zap any existing valid apple ufs labels */
-		rdfs(APPLEUFS_LABEL_OFFSET/sectorsize, APPLEUFS_LABEL_SIZE, 
-		    &appleufs);
-		if (ffs_appleufs_validate(fsys, &appleufs, NULL) == 0) {
-			memset(&appleufs, 0, sizeof(appleufs));
-			wtfs(APPLEUFS_LABEL_OFFSET/sectorsize, APPLEUFS_LABEL_SIZE, 
-			    &appleufs);
+		rdfs(APPLEUFS_LABEL_OFFSET/sectorsize, appleufs_bufsize, 
+		    appleufs);
+		if (ffs_appleufs_validate(fsys, appleufs, NULL) == 0) {
+			memset(appleufs, 0, sizeof(struct appleufslabel));
+			wtfs(APPLEUFS_LABEL_OFFSET/sectorsize, appleufs_bufsize, 
+			    appleufs);
 		}
 	}

+	free(appleufs);
+
 	/*
 	 * Make a copy of the superblock into the buffer that we will be
 	 * writing out in each cylinder group.
>Release-Note:
>Audit-Trail:
>Unformatted:

Home	PR Database Search