Public bug reported: In the portion of code copied below from mhddfs/main.c, version 0.1.38, the function mhdd_statfs does: stats = calloc(mhdd.cdirs, sizeof(struct statvfs)); devices = calloc(mhdd.cdirs, sizeof(dev_t)); and it should do: stats = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(struct statvfs)); devices = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(dev_t)); because they are used as arrays with stats[i] and devices[i]
I'm not 100% sure about this being an actual error, and I'm guessing this may be working with some compilers or in some circumstances, yet I think this: int ret = statvfs(mhdd.dirs[i], stats+i); should be replaced by this: int ret = statvfs(mhdd.dirs[i], stats[i]); Here is the portion of code: static int mhdd_statfs(const char *path, struct statvfs *buf) { int i, j; struct statvfs * stats; struct stat st; dev_t * devices; mhdd_debug(MHDD_MSG, "mhdd_statfs: %s\n", path); stats = calloc(mhdd.cdirs, sizeof(struct statvfs)); // HERE devices = calloc(mhdd.cdirs, sizeof(dev_t)); //HERE for (i = 0; i < mhdd.cdirs; i++) { int ret = statvfs(mhdd.dirs[i], stats+i); //HERE if (ret != 0) { free(stats); free(devices); return -errno; } ret = stat(mhdd.dirs[i], &st); if (ret != 0) { free(stats); free(devices); return -errno; } devices[i] = st.st_dev; } unsigned long min_block = stats[0].f_bsize, min_frame = stats[0].f_frsize; for (i = 1; i<mhdd.cdirs; i++) { if (min_block>stats[i].f_bsize) min_block = stats[i].f_bsize; if (min_frame>stats[i].f_frsize) min_frame = stats[i].f_frsize; } ... } /* mhddfs - Multi HDD [FUSE] File System Copyright (C) 2008 Dmitry E. Oboukhov <di...@avanto.org> ... Modified by Glenn Washburn <gwashb...@crossroads.com> (added support for extended attributes.) */ ** Affects: mhddfs (Ubuntu) Importance: Undecided Status: New ** Description changed: - In the portion of code copied below from mhddfs/main.c, version 0.1.38, the function mhdd_statfs does - stats = calloc(mhdd.cdirs, sizeof(struct statvfs)); - and it should do - stats = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(struct statvfs)); + In the portion of code copied below from mhddfs/main.c, version 0.1.38, the function mhdd_statfs does: + stats = calloc(mhdd.cdirs, sizeof(struct statvfs)); + devices = calloc(mhdd.cdirs, sizeof(dev_t)); + and it should do: + stats = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(struct statvfs)); + devices = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(dev_t)); because they are used as arrays with stats[i] and devices[i] I'm not 100% sure about this being an actual error, and I'm guessing this may be working with some compilers or in some circumstances, yet I think this: - int ret = statvfs(mhdd.dirs[i], stats+i); //HERE + int ret = statvfs(mhdd.dirs[i], stats+i); should be replaced by this: - int ret = statvfs(mhdd.dirs[i], stats+i); //HERE + int ret = statvfs(mhdd.dirs[i], stats[i]); - Here is the portion of code, + Here is the portion of code: static int mhdd_statfs(const char *path, struct statvfs *buf) { - int i, j; - struct statvfs * stats; - struct stat st; - dev_t * devices; + int i, j; + struct statvfs * stats; + struct stat st; + dev_t * devices; - mhdd_debug(MHDD_MSG, "mhdd_statfs: %s\n", path); + mhdd_debug(MHDD_MSG, "mhdd_statfs: %s\n", path); - stats = calloc(mhdd.cdirs, sizeof(struct statvfs)); // HERE - devices = calloc(mhdd.cdirs, sizeof(dev_t)); //HERE + stats = calloc(mhdd.cdirs, sizeof(struct statvfs)); // HERE + devices = calloc(mhdd.cdirs, sizeof(dev_t)); //HERE - for (i = 0; i < mhdd.cdirs; i++) { - int ret = statvfs(mhdd.dirs[i], stats+i); //HERE - if (ret != 0) { - free(stats); - free(devices); - return -errno; - } + for (i = 0; i < mhdd.cdirs; i++) { + int ret = statvfs(mhdd.dirs[i], stats+i); //HERE + if (ret != 0) { + free(stats); + free(devices); + return -errno; + } - ret = stat(mhdd.dirs[i], &st); - if (ret != 0) { - free(stats); - free(devices); - return -errno; - } - devices[i] = st.st_dev; - } + ret = stat(mhdd.dirs[i], &st); + if (ret != 0) { + free(stats); + free(devices); + return -errno; + } + devices[i] = st.st_dev; + } - unsigned long - min_block = stats[0].f_bsize, - min_frame = stats[0].f_frsize; + unsigned long + min_block = stats[0].f_bsize, + min_frame = stats[0].f_frsize; - for (i = 1; i<mhdd.cdirs; i++) { - if (min_block>stats[i].f_bsize) min_block = stats[i].f_bsize; - if (min_frame>stats[i].f_frsize) min_frame = stats[i].f_frsize; - } + for (i = 1; i<mhdd.cdirs; i++) { + if (min_block>stats[i].f_bsize) min_block = stats[i].f_bsize; + if (min_frame>stats[i].f_frsize) min_frame = stats[i].f_frsize; + } ... } - /* - mhddfs - Multi HDD [FUSE] File System - Copyright (C) 2008 Dmitry E. Oboukhov <di...@avanto.org> + mhddfs - Multi HDD [FUSE] File System + Copyright (C) 2008 Dmitry E. Oboukhov <di...@avanto.org> ... - Modified by Glenn Washburn <gwashb...@crossroads.com> - (added support for extended attributes.) + Modified by Glenn Washburn <gwashb...@crossroads.com> + (added support for extended attributes.) */ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1198535 Title: mhddfs Use unallocated memory which may cause undefined behaviour To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mhddfs/+bug/1198535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs