On Sat, 2 Jul 2005, Yura Pakhuchiy wrote:
> Changes by: cha0smaster
>
> Update of /cvsroot/linux-ntfs/ntfsprogs
> In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21830
>
> Modified Files:
> ChangeLog
> Log Message:
> Fix memory management error in ntfs_inode_close. ntfs_extent_inode_open
> allocates buffer for up to 4 extent inodes, to prevent many reallocates.
> But ntfs_inode_close always reallocates buffer to store exactly @nr_extents
> inodes. Bug will arise in the following scenario:
> 1) ntfs_extent_inode_open (1 extent, allocate buffer for 4)
> 2) ntfs_extent_inode_open (2 extents, use already allocated buffer)
> 3) ntfs_inode_close(extent_ni) (1 extent, reallocate buffer for 1 extent)
> 4) ntfs_extent_inode_open (2 extents, don't reallocate buffer because it should be for 4 elements, but really it's for 1, write to uninitialized space, segfault)
Nice catch!
Szaka
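The four-step scenario from the commit message, replayed as an added example (this is not ntfsprogs code and not the fix that went into CVS, which the notification does not show). The extent buffer is modelled by two integers, the live count `nr_extents` and a hypothetical `nr_allocated` that records what the buffer could really hold, so the policy can be replayed without performing the out-of-bounds write. The buggy policy infers capacity from the count (a count that is a multiple of 4 means "buffer full"), while close shrinks to exactly `nr_extents`; the corrected policy shown here is the editor's illustration of tracking the real capacity, not the project's patch. `replay_pattern` generalises the scenario to any sequence of opens (`o`) and closes (`c`):

```c
#include <stdio.h>

#define EXTENT_CHUNK 4   /* "buffer for up to 4 extent inodes" */

/* Hypothetical model of the extent array: the count is the real @nr_extents,
 * nr_allocated is a field the buggy code never kept. */
struct extent_model {
    int nr_extents;      /* entries in use */
    int nr_allocated;    /* entries the buffer can actually hold */
};

/* Buggy open: capacity is inferred from the count. When nr_extents is a
 * multiple of EXTENT_CHUNK the buffer is assumed full and grown by one chunk;
 * otherwise it is assumed to have spare room. Returns 1 when the append would
 * land past the real allocation (the segfault in step 4). */
static int buggy_open(struct extent_model *m)
{
    if (m->nr_extents % EXTENT_CHUNK == 0)
        m->nr_allocated = m->nr_extents + EXTENT_CHUNK;
    if (m->nr_extents >= m->nr_allocated)
        return 1;                        /* write into unallocated space */
    m->nr_extents++;
    return 0;
}

/* Buggy close: realloc to exactly nr_extents, silently breaking the
 * "multiple of 4" assumption the next open relies on. */
static void buggy_close(struct extent_model *m)
{
    if (m->nr_extents == 0)
        return;
    m->nr_extents--;
    m->nr_allocated = m->nr_extents;
}

/* Corrected open: grow only when the tracked capacity is exhausted. */
static int fixed_open(struct extent_model *m)
{
    if (m->nr_extents == m->nr_allocated)
        m->nr_allocated += EXTENT_CHUNK;
    if (m->nr_extents >= m->nr_allocated)
        return 1;                        /* unreachable with this policy */
    m->nr_extents++;
    return 0;
}

/* Corrected close: still give memory back, but only down to a multiple of
 * EXTENT_CHUNK, so count and capacity stay consistent with each other. */
static void fixed_close(struct extent_model *m)
{
    if (m->nr_extents == 0)
        return;
    m->nr_extents--;
    m->nr_allocated = (m->nr_extents + EXTENT_CHUNK - 1) / EXTENT_CHUNK * EXTENT_CHUNK;
}

/* Replay a pattern of 'o' (extent open) and 'c' (extent close) operations.
 * Returns the 1-based position of the first operation that would write past
 * the real allocation, or 0 if the whole pattern is safe. */
int replay_pattern(const char *ops, int use_fix)
{
    struct extent_model m = { 0, 0 };
    int (*do_open)(struct extent_model *) = use_fix ? fixed_open : buggy_open;
    void (*do_close)(struct extent_model *) = use_fix ? fixed_close : buggy_close;
    int step;

    for (step = 1; *ops; ops++, step++) {
        if (*ops == 'o') {
            if (do_open(&m))
                return step;
        } else if (*ops == 'c') {
            do_close(&m);
        }
    }
    return 0;
}

/* The exact scenario from the commit message: open, open, close, open. */
int replay_scenario(int use_fix)
{
    return replay_pattern("ooco", use_fix);
}

int main(void)
{
    printf("buggy policy:   out-of-bounds write at step %d\n", replay_scenario(0));
    printf("fixed policy:   out-of-bounds write at step %d (0 = none)\n", replay_scenario(1));
    printf("buggy, 5o+2c+o: out-of-bounds write at step %d\n", replay_pattern("ooooocco", 0));
    return 0;
}
```

The model makes the root cause explicit: the buggy code has two sources of truth for capacity (the chunking rule in open and the exact size in close) and they disagree after any close that is not followed by a matching number of opens. Keeping one explicit capacity field, and having every grow or shrink path update it, is the property a reviewer should look for in any fix to code of this shape.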