On Sat, 2 Jul 2005, Szakacsits Szabolcs wrote:
> On Sat, 2 Jul 2005, Yura Pakhuchiy wrote:
> > Changes by: cha0smaster
> >
> > Update of /cvsroot/linux-ntfs/ntfsprogs
> > In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21830
> >
> > Modified Files:
> > ChangeLog
> > Log Message:
> > Fix memory management error in ntfs_inode_close. ntfs_extent_inode_open
> > allocates buffer for up to 4 extent inodes, to prevent many reallocates.
> > But ntfs_inode_close always reallocates buffer to store exactly @nr_extents
> > inodes. The bug will arise in the following scenario:
> > 1) ntfs_extent_inode_open (1 extent, allocate buffer for 4)
> > 2) ntfs_extent_inode_open (2 extents, use already allocated buffer)
> > 3) ntfs_inode_close(extent_ni) (1 extent, reallocate buffer for 1 extent)
> > 4) ntfs_extent_inode_open (2 extents, don't reallocate buffer because it
> > should be for 4 elements, but really it's for 1, write to uninitialized space,
> > segfault)
>
> Nice catch!
Indeed! Well spotted!
Best regards,
Anton
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/
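As an added illustration (not code from this thread or from ntfsprogs), the following C model replays the four-step scenario quoted above. All names (struct extents, extent_open, extent_close, replay, CHUNK) are assumptions; the model reports an out-of-bounds write as a return code instead of performing it, so the capacity mismatch is observable without corrupting memory.

```c
#include <stdlib.h>
/* Hypothetical model of the bug above, not ntfsprogs code: extent pointers
 * live in an array grown in chunks of 4 so that each open need not realloc(). */
#define CHUNK 4
struct extents {
    void **ptrs;  /* allocated storage */
    int nr;       /* slots in use */
    int cap;      /* slots actually allocated */
};
/* What the buggy open believed the allocation was: nr rounded up to CHUNK. */
static int inferred_cap(int nr) { return (nr + CHUNK - 1) / CHUNK * CHUNK; }
/* Open one more extent; grow when nr reaches what the code believes the buffer
 * holds: the inferred size (track_cap == 0, the bug) or cap (1, the fix). */
static int extent_open(struct extents *e, int track_cap) {
    int believed = track_cap ? e->cap : inferred_cap(e->nr);
    if (e->nr == believed) {
        void **p = realloc(e->ptrs, (size_t)(believed + CHUNK) * sizeof *p);
        if (!p) return -1;
        e->ptrs = p;
        e->cap = believed + CHUNK;
    }
    if (e->nr >= e->cap) return -1;  /* out-of-bounds write: reported, not done */
    e->ptrs[e->nr++] = (void *)e;    /* placeholder extent pointer */
    return 0;
}

/* Close one extent and shrink the buffer to exactly the remaining entries, as
 * ntfs_inode_close did; this is what invalidates the multiple-of-CHUNK guess. */
static int extent_close(struct extents *e) {
    if (e->nr == 0) return -1;
    size_t keep = e->nr > 1 ? (size_t)e->nr - 1 : 1;
    void **p = realloc(e->ptrs, keep * sizeof *p);
    if (!p) return -1;
    e->ptrs = p;
    e->nr--;
    e->cap = (int)keep;
    return 0;
}

/* Replay the commit's four steps: 0 = every write in bounds, -1 = overrun. */
int replay(int track_cap) {
    struct extents e = { NULL, 0, 0 };
    int rc = extent_open(&e, track_cap);       /* 1 extent, buffer for 4 */
    if (!rc) rc = extent_open(&e, track_cap);  /* 2 extents, reuse buffer */
    if (!rc) rc = extent_close(&e);            /* 1 extent, buffer shrunk to 1 */
    if (!rc) rc = extent_open(&e, track_cap);  /* 2 extents: overrun or grow? */
    free(e.ptrs);
    return rc;
}
```

With the inferred size, the fourth open finds nr == 1 but believes four slots exist and would write past the one-slot buffer; tracking the real capacity makes the same step grow the buffer instead.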