Fix use-after-free issue!
This commit is contained in:
parent
c0e3afd8a3
commit
165933c6be
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: nilfs_subr.c,v 1.14 2015/03/29 14:12:28 riastradh Exp $ */
|
/* $NetBSD: nilfs_subr.c,v 1.15 2020/03/21 13:39:31 reinoud Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2008, 2009 Reinoud Zandijk
|
* Copyright (c) 2008, 2009 Reinoud Zandijk
|
||||||
@ -28,7 +28,7 @@
|
|||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
#ifndef lint
|
#ifndef lint
|
||||||
__KERNEL_RCSID(0, "$NetBSD: nilfs_subr.c,v 1.14 2015/03/29 14:12:28 riastradh Exp $");
|
__KERNEL_RCSID(0, "$NetBSD: nilfs_subr.c,v 1.15 2020/03/21 13:39:31 reinoud Exp $");
|
||||||
#endif /* not lint */
|
#endif /* not lint */
|
||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
@ -230,6 +230,7 @@ nilfs_btree_lookup_level(struct nilfs_node *node, uint64_t lblocknr,
|
|||||||
dptrs = dkeys + NILFS_BTREE_NODE_NCHILDREN_MAX(nilfsdev->blocksize);
|
dptrs = dkeys + NILFS_BTREE_NODE_NCHILDREN_MAX(nilfsdev->blocksize);
|
||||||
|
|
||||||
assert((btree_hdr->bn_flags & NILFS_BTREE_NODE_ROOT) == 0);
|
assert((btree_hdr->bn_flags & NILFS_BTREE_NODE_ROOT) == 0);
|
||||||
|
assert((btree_hdr->bn_level == level));
|
||||||
|
|
||||||
/* select matching child XXX could use binary search */
|
/* select matching child XXX could use binary search */
|
||||||
selected = 0;
|
selected = 0;
|
||||||
@ -253,7 +254,7 @@ nilfs_btree_lookup_level(struct nilfs_node *node, uint64_t lblocknr,
|
|||||||
brelse(bp, BC_AGE);
|
brelse(bp, BC_AGE);
|
||||||
|
|
||||||
return nilfs_btree_lookup_level(node, lblocknr,
|
return nilfs_btree_lookup_level(node, lblocknr,
|
||||||
child_btree_blk, btree_hdr->bn_level-1, vblocknr);
|
child_btree_blk, level-1, vblocknr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -686,9 +687,10 @@ nilfs_get_node_raw(struct nilfs_device *nilfsdev, struct nilfs_mount *ump,
|
|||||||
|
|
||||||
/* fixup inode size for system nodes */
|
/* fixup inode size for system nodes */
|
||||||
if ((ino < NILFS_USER_INO) && (ino != NILFS_ROOT_INO)) {
|
if ((ino < NILFS_USER_INO) && (ino != NILFS_ROOT_INO)) {
|
||||||
DPRINTF(VOLUMES, ("NEED TO GET my size for inode %"PRIu64"\n",
|
DPRINTF(VOLUMES, ("NEED TO GET my size for inode %"PRIu64"?\n",
|
||||||
ino));
|
ino));
|
||||||
/* for now set it to maximum, -1 is illegal */
|
/* for now set it to maximum, -1 is illegal */
|
||||||
|
DPRINTF(VOLUMES, (" current size of inode is %"PRIu64"\n", inode->i_size));
|
||||||
inode->i_size = nilfs_rw64(((uint64_t) -2));
|
inode->i_size = nilfs_rw64(((uint64_t) -2));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user