Module Name: src
Committed By: hannken
Date: Fri Nov 11 10:50:16 UTC 2016
Modified Files:
src/sys/ufs/ffs: ffs_inode.c
Log Message:
Fix a "slight tweak" from Rev. 1.121: bap1/bap2 must be valid
before using BAP_ASSIGN().
Prevents NULL pointer dereference when "lastbn >= 0".
To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 src/sys/ufs/ffs/ffs_inode.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/ufs/ffs/ffs_inode.c
diff -u src/sys/ufs/ffs/ffs_inode.c:1.122 src/sys/ufs/ffs/ffs_inode.c:1.123
--- src/sys/ufs/ffs/ffs_inode.c:1.122 Thu Nov 10 20:56:32 2016
+++ src/sys/ufs/ffs/ffs_inode.c Fri Nov 11 10:50:16 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: ffs_inode.c,v 1.122 2016/11/10 20:56:32 jdolecek Exp $ */
+/* $NetBSD: ffs_inode.c,v 1.123 2016/11/11 10:50:16 hannken Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_inode.c,v 1.122 2016/11/10 20:56:32 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_inode.c,v 1.123 2016/11/11 10:50:16 hannken Exp $");
#if defined(_KERNEL_OPT)
#include "opt_ffs.h"
@@ -659,6 +659,10 @@ ffs_indirtrunc(struct inode *ip, daddr_t
* This assumes the truncate process would not fail, contrary
* to the wapbl case.
*/
+ if (ip->i_ump->um_fstype == UFS1)
+ bap1 = (int32_t *)bp->b_data;
+ else
+ bap2 = (int64_t *)bp->b_data;
if (lastbn >= 0 && !wapbl) {
copy = kmem_alloc(fs->fs_bsize, KM_SLEEP);
memcpy((void *)copy, bp->b_data, (u_int)fs->fs_bsize);
@@ -672,11 +676,6 @@ ffs_indirtrunc(struct inode *ip, daddr_t
bap1 = (int32_t *)copy;
else
bap2 = (int64_t *)copy;
- } else {
- if (ip->i_ump->um_fstype == UFS1)
- bap1 = (int32_t *)bp->b_data;
- else
- bap2 = (int64_t *)bp->b_data;
}
/*
