fee8e1a16f
ufs_vnops.c:

1) i_ino was confused with i_number, so the inode number passed to VFS_VGET() was usually wrong (usually 0U).
2) ip was dereferenced after vgone() freed it, so the inode number passed to VFS_VGET() was sometimes not even wrong.

Bug (1) was usually fatal in ext2_mknod(), since ext2fs doesn't have space for inode 0 on the disk; ino_to_fsba() subtracts 1 from the inode number, so inode number 0U gives a way out of bounds array index.

Bug (1) was usually harmless in ufs_mknod(); ino_to_fsba() doesn't subtract 1, and VFS_VGET() reads suitable garbage (all 0's?) from the disk for the invalid inode number 0U; ufs_mknod() returns a wrong vnode, but most callers just vput() it; the correct vnode is eventually obtained by an implicit VFS_VGET() just like it used to be.

Bug (2) usually doesn't happen.

||
---|---|---|
COPYRIGHT.INFO | ||
ext2_alloc.c | ||
ext2_balloc.c | ||
ext2_bmap.c | ||
ext2_extern.h | ||
ext2_fs_sb.h | ||
ext2_fs.h | ||
ext2_inode_cnv.c | ||
ext2_inode.c | ||
ext2_linux_balloc.c | ||
ext2_linux_ialloc.c | ||
ext2_lookup.c | ||
ext2_mount.h | ||
ext2_readwrite.c | ||
ext2_subr.c | ||
ext2_vfsops.c | ||
ext2_vnops.c | ||
fs.h | ||
i386-bitops.h | ||
inode.h |