aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2010-01-07 01:57:13 +0000
committerXin LI <delphij@FreeBSD.org>2010-01-07 01:57:13 +0000
commite83e8669544eb16dc5ce6d49a637704482c62de1 (patch)
treee9176259403db58f7a569e46aa0b09cfc4f1fff4
parent0dc93de7c59b1de3460e69429e51f5af5175e4d3 (diff)
downloadsrc-stable/5.tar.gz
src-stable/5.zip
MFC r176575:stable/5
In pass1(), cap inosused to fs_ipg rather than allowing arbitrary number read from cylinder group. Chances that we read a smarshed cylinder group, and we can not 100% trust information it has supplied. fsck_ffs(8) will crash otherwise for some cases. PR: bin/138043 Reminded by: mckusick
Notes
Notes: svn path=/stable/5/; revision=201713
-rw-r--r--sbin/fsck_ffs/pass1.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/sbin/fsck_ffs/pass1.c b/sbin/fsck_ffs/pass1.c
index f72887755ec2..9bfc95df00c6 100644
--- a/sbin/fsck_ffs/pass1.c
+++ b/sbin/fsck_ffs/pass1.c
@@ -93,9 +93,11 @@ pass1(void)
inumber = c * sblock.fs_ipg;
setinodebuf(inumber);
getblk(&cgblk, cgtod(&sblock, c), sblock.fs_cgsize);
- if (sblock.fs_magic == FS_UFS2_MAGIC)
+ if (sblock.fs_magic == FS_UFS2_MAGIC) {
inosused = cgrp.cg_initediblk;
- else
+ if (inosused > sblock.fs_ipg)
+ inosused = sblock.fs_ipg;
+ } else
inosused = sblock.fs_ipg;
if (got_siginfo) {
printf("%s: phase 1: cyl group %d of %d (%d%%)\n",