Fixed a serious off by 1 error. The cluster-in-use bitmap was overrun

by 1 u_int if the number of clusters was 1 more than a multiple of (8 * sizeof(u_int)). The bitmap is malloced and large (often huge), so fatal overrun probably only occurred if the number of clusters was 1 more than 1 multiple of PAGE_SIZE/8.
svn path=/head/; revision=126086
2004-02-21 22:47:19 +00:00 · 2004-02-21 22:47:19 +00:00 · 0ef0dd6f85 · 2020-12-20 02:59:44 +00:00
commit 0ef0dd6f85
parent b99c0fd2b4
1 changed files with 1 additions and 2 deletions
--- a/sys/fs/msdosfs/msdosfs_vfsops.c
+++ b/sys/fs/msdosfs/msdosfs_vfsops.c
@ -586,8 +586,7 @@ mountmsdosfs(devvp, mp, td, argp)
 	 * Allocate memory for the bitmap of allocated clusters, and then
 	 * fill it in.
 	 */
-	pmp->pm_inusemap = malloc(((pmp->pm_maxcluster + N_INUSEBITS - 1)
-				   / N_INUSEBITS)
+	pmp->pm_inusemap = malloc(howmany(pmp->pm_maxcluster + 1, N_INUSEBITS)
 				  * sizeof(*pmp->pm_inusemap),
 				  M_MSDOSFSFAT, M_WAITOK);