In fsck_ffs pass1, prevent the inosused variable from wrapping.

The loop that scans the used inode map when soft updates is in use assumes that the inosused variable is signed. However, ino_t is unsigned, so the loop invariant is incorrect and the check for inosused wrapping to < 0 can never be true. Instead of checking for wrap after the fact just prevent it from happening in the first place. PR: 218592 Submitted by: Todd Miller <todd.miller@courtesan.com> Reviewed by: mckusick MFC after: 1 week
2017-04-14 15:22:00 +00:00 · 2017-04-14 15:22:00 +00:00 · f4247773fa
commit f4247773fa
parent 366bb48985
1 changed files with 7 additions and 4 deletions
--- a/sbin/fsck_ffs/pass1.c
+++ b/sbin/fsck_ffs/pass1.c
@ -133,9 +133,14 @@ pass1(void)
 		 */
 		if ((preen || inoopt) && usedsoftdep && !rebuildcg) {
 			cp = &cg_inosused(cgp)[(inosused - 1) / CHAR_BIT];
-			for ( ; inosused > 0; inosused -= CHAR_BIT, cp--) {
-				if (*cp == 0)
+			for ( ; inosused != 0; cp--) {
+				if (*cp == 0) {
+					if (inosused > CHAR_BIT)
+						inosused -= CHAR_BIT;
+					else
+						inosused = 0;
 					continue;
+				}
 				for (i = 1 << (CHAR_BIT - 1); i > 0; i >>= 1) {
 					if (*cp & i)
 						break;
@ -143,8 +148,6 @@ pass1(void)
 				}
 				break;
 			}
-			if (inosused < 0)
-				inosused = 0;
 		}
 		/*
 		 * Allocate inoinfo structures for the allocated inodes.