On Fri, 13 Dec 2002, Szakacsits Szabolcs wrote:
> > > > 3. ntfs_extent_inode_open: extents are copied to a newly
> > > > allocated memory. Before using just the pointer equality the
> > > > memory was freed by the extent and the base inode happily used
> > > > the unfreed memory => severe memory corruptions.
>
> The fix for 3 was incomplete [sent you update], it didn't copy the
> mrec.
The below alternative patch is also ok *if* it's guaranteed an extent
inode is always closed before its base inode is closed (note, there are
two users/pointers to the extent!). However this is not guaranteed.
Reference counting would solve this, or the "private extent copies"
patches I sent you. Choose whichever you feel is the most appropriate.
Szaka
--- libntfs/inode.c 13 Dec 2002 12:28:52 -0000 1.3
+++ libntfs/inode.c 13 Dec 2002 15:48:52 -0000
@@ -202,6 +202,9 @@
errno = EBUSY;
return -1;
}
+ /* If mapped extent inode then base inode will free it */
+ if (ni->nr_extents = -1)
+ return 0;
/* Is this a base inode with mapped extent inodes? */
if (ni->nr_extents > 0) {
int i;
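Review bot: the added check `if (ni->nr_extents = -1)` is an assignment, not a comparison: it overwrites nr_extents with -1 on every inode that reaches this point and, since -1 is nonzero, always takes the `return 0`, so the "Is this a base inode with mapped extent inodes?" branch below is never reached and a base inode's extents are never released. It should read `if (ni->nr_extents == -1)`; gcc with -Wall flags this pattern ("suggest parentheses around assignment used as truth value"). Separately, as the message itself says, the early return is only safe if the base inode is closed after every extent inode; the comment on that line should state that requirement so the assumption is visible to callers.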
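As an added illustration of the reference-counting alternative mentioned in the message, the following is a toy model written for this page; it is not libntfs code, and the struct and function names (toy_inode, toy_inode_open, toy_extent_inode_open, toy_inode_close, toy_scenario) are my own. The base inode's extent table and the caller's handle are the two "users" of an extent: each holds its own reference, the base tears down its table when its own count drops to zero, and an extent only goes away when both owners have let go. That makes either close order safe, which the early-return patch above only guarantees for one order.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model (not libntfs code) of the base/extent ownership problem. */
struct toy_inode {
    unsigned long mft_no;
    int refcount;               /* live owners: caller handles + the base's table slot */
    struct toy_inode *base;     /* extent only: weak back-pointer, cleared by the base */
    int nr_extents;             /* base only */
    struct toy_inode **extents; /* base only: owned references to extent inodes */
    unsigned char *mrec;        /* stand-in for the inode's own MFT record copy */
};

static int live_mrecs;          /* MFT record buffers still allocated (leak probe) */

static struct toy_inode *alloc_inode(unsigned long mft_no)
{
    struct toy_inode *ni = calloc(1, sizeof(*ni));
    if (!ni)
        return NULL;
    ni->mrec = calloc(1, 1024);  /* constructed placeholder buffer */
    if (!ni->mrec) {
        free(ni);
        return NULL;
    }
    ni->mft_no = mft_no;
    ni->refcount = 1;            /* the caller's handle */
    live_mrecs++;
    return ni;
}

static void free_inode(struct toy_inode *ni)
{
    free(ni->mrec);
    free(ni->extents);
    free(ni);
    live_mrecs--;
}

struct toy_inode *toy_inode_open(unsigned long mft_no)
{
    return alloc_inode(mft_no);
}

/* Map an extent inode under @base. The base's table takes its own reference,
   so the returned handle and the table slot are two independent owners. */
struct toy_inode *toy_extent_inode_open(struct toy_inode *base, unsigned long mft_no)
{
    struct toy_inode **tbl;
    struct toy_inode *ext = alloc_inode(mft_no);
    if (!ext)
        return NULL;
    tbl = realloc(base->extents, (base->nr_extents + 1) * sizeof(*tbl));
    if (!tbl) {
        free_inode(ext);
        return NULL;
    }
    base->extents = tbl;
    base->extents[base->nr_extents++] = ext;
    ext->base = base;
    ext->refcount++;             /* the table's reference */
    return ext;
}

/* Drop one reference. Safe in either order: closing the base first detaches
   and releases its extents; closing an extent first just drops that handle. */
int toy_inode_close(struct toy_inode *ni)
{
    int i;
    if (!ni || ni->refcount <= 0)
        return -1;               /* double close or corrupt object */
    if (--ni->refcount > 0)
        return 0;
    for (i = 0; i < ni->nr_extents; i++) {
        struct toy_inode *ext = ni->extents[i];
        ext->base = NULL;        /* base is going away; extent must not follow it */
        toy_inode_close(ext);    /* release the table's reference */
    }
    free_inode(ni);
    return 0;
}

/* Open a base with two extents and close them in the given order. Returns the
   number of MFT record buffers still live (0 = nothing leaked, nothing double
   freed) or -1 if any close reported an error. */
int toy_scenario(int close_base_first)
{
    struct toy_inode *base, *e1, *e2;
    int rc = 0;
    live_mrecs = 0;
    base = toy_inode_open(5);
    e1 = base ? toy_extent_inode_open(base, 16) : NULL;
    e2 = base ? toy_extent_inode_open(base, 17) : NULL;
    if (!base || !e1 || !e2)
        return -1;
    if (close_base_first) {
        rc |= toy_inode_close(base);
        rc |= (e1->base != NULL) || (e2->base != NULL); /* handles still valid, detached */
        rc |= toy_inode_close(e1);
        rc |= toy_inode_close(e2);
    } else {
        rc |= toy_inode_close(e1);
        rc |= toy_inode_close(e2);
        rc |= toy_inode_close(base);
    }
    return rc ? -1 : live_mrecs;
}

int main(void)
{
    printf("extents first: %d live, base first: %d live\n",
           toy_scenario(0), toy_scenario(1));
    return 0;
}
```

The point of the model is the weak back-pointer: when the base is torn down it clears `ext->base` before dropping the table's reference, so an extent handle that outlives the base can never dereference freed memory, and the refcount keeps the extent's own mrec alive until its last owner is gone.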