diff options
| author | Xin LI <delphij@FreeBSD.org> | 2010-01-07 01:57:13 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2010-01-07 01:57:13 +0000 |
| commit | e83e8669544eb16dc5ce6d49a637704482c62de1 (patch) | |
| tree | e9176259403db58f7a569e46aa0b09cfc4f1fff4 | |
| parent | 0dc93de7c59b1de3460e69429e51f5af5175e4d3 (diff) | |
MFC r176575:stable/5
In pass1(), cap inosused to fs_ipg rather than allowing arbitrary
number read from cylinder group. Chances that we read a smarshed
cylinder group, and we can not 100% trust information it has
supplied. fsck_ffs(8) will crash otherwise for some cases.
PR: bin/138043
Reminded by: mckusick
Notes
Notes:
svn path=/stable/5/; revision=201713
| -rw-r--r-- | sbin/fsck_ffs/pass1.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sbin/fsck_ffs/pass1.c b/sbin/fsck_ffs/pass1.c index f72887755ec2..9bfc95df00c6 100644 --- a/sbin/fsck_ffs/pass1.c +++ b/sbin/fsck_ffs/pass1.c @@ -93,9 +93,11 @@ pass1(void) inumber = c * sblock.fs_ipg; setinodebuf(inumber); getblk(&cgblk, cgtod(&sblock, c), sblock.fs_cgsize); - if (sblock.fs_magic == FS_UFS2_MAGIC) + if (sblock.fs_magic == FS_UFS2_MAGIC) { inosused = cgrp.cg_initediblk; - else + if (inosused > sblock.fs_ipg) + inosused = sblock.fs_ipg; + } else inosused = sblock.fs_ipg; if (got_siginfo) { printf("%s: phase 1: cyl group %d of %d (%d%%)\n", |