Wed Oct 3 23:32:43 2012 UTC ()
We don't actually want to round the number of elements in the bitmap
down.  Fixes a self-inflicted buffer overrun.

(This was detected by chance that the top of the bitmap coincided with
a page boundary.)


(jakllsch)
diff -r1.96 -r1.97 src/sys/fs/msdosfs/msdosfs_vfsops.c
cvs diff -r1.96 -r1.97 src/sys/fs/msdosfs/msdosfs_vfsops.c (expand / switch to unified diff)

--- src/sys/fs/msdosfs/msdosfs_vfsops.c 2012/07/07 16:18:50 1.96
+++ src/sys/fs/msdosfs/msdosfs_vfsops.c 2012/10/03 23:32:43 1.97
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: msdosfs_vfsops.c,v 1.96 2012/07/07 16:18:50 tsutsui Exp $ */ 1/* $NetBSD: msdosfs_vfsops.c,v 1.97 2012/10/03 23:32:43 jakllsch Exp $ */
2 2
3/*- 3/*-
4 * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank. 4 * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
5 * Copyright (C) 1994, 1995, 1997 TooLs GmbH. 5 * Copyright (C) 1994, 1995, 1997 TooLs GmbH.
6 * All rights reserved. 6 * All rights reserved.
7 * Original code by Paul Popelka (paulp@uts.amdahl.com) (see below). 7 * Original code by Paul Popelka (paulp@uts.amdahl.com) (see below).
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -38,27 +38,27 @@ @@ -38,27 +38,27 @@
38 * it, and don't remove this notice. 38 * it, and don't remove this notice.
39 * 39 *
40 * This software is provided "as is". 40 * This software is provided "as is".
41 * 41 *
42 * The author supplies this software to be publicly redistributed on the 42 * The author supplies this software to be publicly redistributed on the
43 * understanding that the author is not responsible for the correct 43 * understanding that the author is not responsible for the correct
44 * functioning of this software in any circumstances and is not liable for 44 * functioning of this software in any circumstances and is not liable for
45 * any damages caused by this software. 45 * any damages caused by this software.
46 * 46 *
47 * October 1992 47 * October 1992
48 */ 48 */
49 49
50#include <sys/cdefs.h> 50#include <sys/cdefs.h>
51__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.96 2012/07/07 16:18:50 tsutsui Exp $"); 51__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.97 2012/10/03 23:32:43 jakllsch Exp $");
52 52
53#if defined(_KERNEL_OPT) 53#if defined(_KERNEL_OPT)
54#include "opt_compat_netbsd.h" 54#include "opt_compat_netbsd.h"
55#endif 55#endif
56 56
57#include <sys/param.h> 57#include <sys/param.h>
58#include <sys/systm.h> 58#include <sys/systm.h>
59#include <sys/sysctl.h> 59#include <sys/sysctl.h>
60#include <sys/namei.h> 60#include <sys/namei.h>
61#include <sys/proc.h> 61#include <sys/proc.h>
62#include <sys/kernel.h> 62#include <sys/kernel.h>
63#include <sys/vnode.h> 63#include <sys/vnode.h>
64#include <miscfs/genfs/genfs.h> 64#include <miscfs/genfs/genfs.h>
@@ -761,27 +761,27 @@ msdosfs_mountfs(struct vnode *devvp, str @@ -761,27 +761,27 @@ msdosfs_mountfs(struct vnode *devvp, str
761 /* 761 /*
762 * Check and validate (or perhaps invalidate?) the fsinfo structure? 762 * Check and validate (or perhaps invalidate?) the fsinfo structure?
763 * XXX 763 * XXX
764 */ 764 */
765 if (pmp->pm_fsinfo) { 765 if (pmp->pm_fsinfo) {
766 if (pmp->pm_nxtfree == (u_long)-1) 766 if (pmp->pm_nxtfree == (u_long)-1)
767 pmp->pm_fsinfo = 0; 767 pmp->pm_fsinfo = 0;
768 } 768 }
769 769
770 /* 770 /*
771 * Allocate memory for the bitmap of allocated clusters, and then 771 * Allocate memory for the bitmap of allocated clusters, and then
772 * fill it in. 772 * fill it in.
773 */ 773 */
774 pmp->pm_inusemap = malloc(((pmp->pm_maxcluster + N_INUSEBITS - 1) 774 pmp->pm_inusemap = malloc(((pmp->pm_maxcluster + N_INUSEBITS)
775 / N_INUSEBITS) 775 / N_INUSEBITS)
776 * sizeof(*pmp->pm_inusemap), 776 * sizeof(*pmp->pm_inusemap),
777 M_MSDOSFSFAT, M_WAITOK); 777 M_MSDOSFSFAT, M_WAITOK);
778 778
779 /* 779 /*
780 * fillinusemap() needs pm_devvp. 780 * fillinusemap() needs pm_devvp.
781 */ 781 */
782 pmp->pm_dev = dev; 782 pmp->pm_dev = dev;
783 pmp->pm_devvp = devvp; 783 pmp->pm_devvp = devvp;
784 784
785 /* 785 /*
786 * Have the inuse map filled in. 786 * Have the inuse map filled in.
787 */ 787 */