[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MiNT] [Fwd: ext2 bug Was Re: another getcwd fix (includes previous patch)]

To: mint <mint@fishpool.com>
Subject: [MiNT] [Fwd: ext2 bug Was Re: another getcwd fix (includes previous patch)]
From: Alan Hourihane <alanh@fairlite.demon.co.uk>
Date: Thu, 10 Jan 2008 16:40:31 +0000
Delivered-to: fnaumann@mail.boerde.de
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
Sender: mint-bounce@lists.fishpool.fi

This didn't make it to the list due to recent failures, but there was a
bug in ext2's handling of getcwd.

I've already updated the mintlib getcwd patch that this list has
already, but I've re-added the ext2 fix here so that can get committed.

Alan.

-------- Forwarded Message --------
From: Alan Hourihane <alanh@fairlite.demon.co.uk>
To: Vincent Rivière <vincent.riviere@freesbee.fr>
Cc: mint <mint@fishpool.com>
Subject: ext2 bug Was Re: [MiNT] another getcwd fix (includes previous
patch)
Date: Tue, 08 Jan 2008 20:07:55 +0000

On Tue, 2008-01-08 at 10:43 +0100, Vincent Rivière wrote:
> Alan Hourihane wrote :
> > I do have a testcase, but I've not delved into it to find why the
> > optimiser is causing the crash.
> > 
> > Given that the patch cures it and malloc's memory rather than from the
> > stack, I'm not inclined to go digging much further. 
> 
> I'm very frightened by that kind of bug, because the problem could be in 
> the MiNT GCC patch. If it is the case, we have to fix it. Or it may be 
> in GCC, in that case we have to make a bug report.
> 
> You have a testcase: please send it to me, I'll dig it further.

It's o.k. I had a little more time to take a closer look and it turns
out that it's a real stack smash problem caused by the ext2 xfs module.
No GCC problem for you Vincent :-)

> Anyway, your getcwd fix is really a good thing:
> - it makes the MiNTLib better, by using less stack
> - it avoids a potential GCC bug

Right. I still prefer the patch as it uses less stack.

So, I've also attached the ext2.xfs patch which is caused by the trailing
'\\' which is not calculated as part of the (len < length) test. Essentially 
we need to add 1 to len to ensure we copy the name correctly and not overwrite
memory.

I've also attached a new getcwd.c (& unx2dos.c) fix that adds __set_errno(ENOMEM)
on out of memory conditions to ensure we return errno's correctly.

Alan.

Index: ext2sys.c
===================================================================
RCS file: /mint/freemint/sys/xfs/ext2fs/ext2sys.c,v
retrieving revision 1.15
diff -u -r1.15 ext2sys.c
--- ext2sys.c	13 Jul 2007 21:32:53 -0000	1.15
+++ ext2sys.c	8 Jan 2008 19:56:35 -0000
@@ -1084,7 +1084,7 @@
 			register long i = de->name_len;
 			register char *src;
 			
-			len += i;
+			len += i + 1;
 			if (len < length)
 			{
 				src = de->name + i - 1;

Prev by Date: [MiNT] Bug in stat in FreeMiNT ??
Next by Date: Re: [MiNT] Bug in stat in FreeMiNT ??
Previous by thread: Re: [MiNT] Bug in stat in FreeMiNT ??
Next by thread: Re: [MiNT] stdio write problem in mintlib
Index(es):
- Date
- Thread