Public bug reported:

In the portion of code copied below from mhddfs/main.c, version 0.1.38, the 
function mhdd_statfs does:
 stats = calloc(mhdd.cdirs, sizeof(struct statvfs));
 devices = calloc(mhdd.cdirs, sizeof(dev_t));
and it should do:
 stats = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(struct statvfs));
 devices = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(dev_t));
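because they are used as arrays with stats[i] and devices[i].
[Reviewer note: calloc(nmemb, size) already allocates nmemb * size zeroed bytes, so the original calls do reserve mhdd.cdirs elements for each array; the proposed change would request mhdd.cdirs * mhdd.cdirs elements instead.]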

I'm not 100% sure about this being an actual error, and I'm guessing this may 
be working with some compilers or in some circumstances, yet I think this:
  int ret = statvfs(mhdd.dirs[i], stats+i);
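should be replaced by this:
  int ret = statvfs(mhdd.dirs[i], stats[i]);
[Reviewer note: statvfs() takes a struct statvfs * as its second argument. stats+i is the same pointer as &stats[i], whereas stats[i] is the structure itself, so the proposed call is a type mismatch.]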


Here is the portion of code:

/*
 * mhdd_statfs (excerpt): gathers filesystem statistics for each of the
 * mhdd.cdirs directories listed in mhdd.dirs, then derives the smallest
 * f_bsize and f_frsize across them.
 *
 * path - logged only in the visible part of the function.
 * buf  - not touched in the visible part; the remainder of the function
 *        is elided ("...") in this excerpt.
 *
 * Returns -errno if statvfs() or stat() fails for any directory; the
 * success path is not shown here.
 */
static int mhdd_statfs(const char *path, struct statvfs *buf)
{
 int i, j;
 struct statvfs * stats;
 struct stat st;
 dev_t * devices;

 mhdd_debug(MHDD_MSG, "mhdd_statfs: %s\n", path);

 /*
  * calloc(nmemb, size) allocates nmemb * size zeroed bytes, so each call
  * below already yields an array of mhdd.cdirs elements; indexing with
  * stats[i] / devices[i] for i < mhdd.cdirs stays in bounds.
  * NOTE(review): neither result is checked for NULL before use, so an
  * allocation failure leads to a NULL-based write in the loop below.
  */
 stats = calloc(mhdd.cdirs, sizeof(struct statvfs));  // one struct statvfs per directory
 devices = calloc(mhdd.cdirs, sizeof(dev_t)); // one device id per directory

 for (i = 0; i < mhdd.cdirs; i++) {
  /* stats+i is &stats[i]: the struct statvfs * that statvfs() expects. */
  int ret = statvfs(mhdd.dirs[i], stats+i);
  if (ret != 0) {
   /*
    * NOTE(review): errno is read after both free() calls; whether
    * free() preserves errno depends on the C library, so saving it
    * first would be safer. Same pattern in the stat() branch.
    */
   free(stats);
   free(devices);
   return -errno;
  }

  ret = stat(mhdd.dirs[i], &st);
  if (ret != 0) {
   free(stats);
   free(devices);
   return -errno;
  }
  /* Record which device this directory lives on. */
  devices[i] = st.st_dev;
 }

 /*
  * Seed the minima from the first directory.
  * NOTE(review): this reads stats[0] unconditionally; if mhdd.cdirs can
  * be 0 (not visible in this excerpt) the read is out of bounds.
  */
 unsigned long
  min_block = stats[0].f_bsize,
  min_frame = stats[0].f_frsize;

 /* Smallest block size and fragment size over the remaining directories. */
 for (i = 1; i<mhdd.cdirs; i++) {
  if (min_block>stats[i].f_bsize) min_block = stats[i].f_bsize;
  if (min_frame>stats[i].f_frsize) min_frame = stats[i].f_frsize;
 }
...
}

/*
   mhddfs - Multi HDD [FUSE] File System
   Copyright (C) 2008 Dmitry E. Oboukhov <di...@avanto.org>
...
   Modified by Glenn Washburn <gwashb...@crossroads.com>
    (added support for extended attributes.)
*/

** Affects: mhddfs (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

- In the portion of code copied below from mhddfs/main.c, version 0.1.38, the 
function mhdd_statfs does
-       stats = calloc(mhdd.cdirs, sizeof(struct statvfs));
- and it should do
-       stats = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(struct statvfs)); 
+ In the portion of code copied below from mhddfs/main.c, version 0.1.38, the 
function mhdd_statfs does:
+  stats = calloc(mhdd.cdirs, sizeof(struct statvfs));
+  devices = calloc(mhdd.cdirs, sizeof(dev_t));
+ and it should do:
+  stats = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(struct statvfs));
+  devices = calloc(mhdd.cdirs, mhdd.cdirs*sizeof(dev_t));
  because they are used as arrays with stats[i] and devices[i]
  
  I'm not 100% sure about this being an actual error, and I'm guessing this may 
be working with some compilers or in some circumstances, yet I think this:
-               int ret = statvfs(mhdd.dirs[i], stats+i);  //HERE
+   int ret = statvfs(mhdd.dirs[i], stats+i);
  should be replaced by this:
-               int ret = statvfs(mhdd.dirs[i], stats+i);  //HERE
+   int ret = statvfs(mhdd.dirs[i], stats[i]);
  
  
- Here is the portion of code, 
+ Here is the portion of code:
  
  static int mhdd_statfs(const char *path, struct statvfs *buf)
  {
-       int i, j;
-       struct statvfs * stats;
-       struct stat st;
-       dev_t * devices;
+  int i, j;
+  struct statvfs * stats;
+  struct stat st;
+  dev_t * devices;
  
-         mhdd_debug(MHDD_MSG, "mhdd_statfs: %s\n", path);
+  mhdd_debug(MHDD_MSG, "mhdd_statfs: %s\n", path);
  
-       stats = calloc(mhdd.cdirs, sizeof(struct statvfs));  // HERE
-       devices = calloc(mhdd.cdirs, sizeof(dev_t)); //HERE
+  stats = calloc(mhdd.cdirs, sizeof(struct statvfs));  // HERE
+  devices = calloc(mhdd.cdirs, sizeof(dev_t)); //HERE
  
-       for (i = 0; i < mhdd.cdirs; i++) {
-               int ret = statvfs(mhdd.dirs[i], stats+i);  //HERE
-               if (ret != 0) {
-                       free(stats);
-                       free(devices);
-                       return -errno;
-               }
+  for (i = 0; i < mhdd.cdirs; i++) {
+   int ret = statvfs(mhdd.dirs[i], stats+i);  //HERE
+   if (ret != 0) {
+    free(stats);
+    free(devices);
+    return -errno;
+   }
  
-               ret = stat(mhdd.dirs[i], &st);
-               if (ret != 0) {
-                       free(stats);
-                       free(devices);
-                       return -errno;
-               }
-               devices[i] = st.st_dev;
-       }
+   ret = stat(mhdd.dirs[i], &st);
+   if (ret != 0) {
+    free(stats);
+    free(devices);
+    return -errno;
+   }
+   devices[i] = st.st_dev;
+  }
  
-       unsigned long
-               min_block = stats[0].f_bsize,
-               min_frame = stats[0].f_frsize;
+  unsigned long
+   min_block = stats[0].f_bsize,
+   min_frame = stats[0].f_frsize;
  
-       for (i = 1; i<mhdd.cdirs; i++) {
-               if (min_block>stats[i].f_bsize) min_block = stats[i].f_bsize;
-               if (min_frame>stats[i].f_frsize) min_frame = stats[i].f_frsize;
-       }
+  for (i = 1; i<mhdd.cdirs; i++) {
+   if (min_block>stats[i].f_bsize) min_block = stats[i].f_bsize;
+   if (min_frame>stats[i].f_frsize) min_frame = stats[i].f_frsize;
+  }
  ...
  }
  
- 
  /*
-    mhddfs - Multi HDD [FUSE] File System
-    Copyright (C) 2008 Dmitry E. Oboukhov <di...@avanto.org>
+    mhddfs - Multi HDD [FUSE] File System
+    Copyright (C) 2008 Dmitry E. Oboukhov <di...@avanto.org>
  ...
-    Modified by Glenn Washburn <gwashb...@crossroads.com>
-          (added support for extended attributes.)
+    Modified by Glenn Washburn <gwashb...@crossroads.com>
+     (added support for extended attributes.)
  */

https://bugs.launchpad.net/bugs/1198535

Title:
  mhddfs Use unallocated memory which may cause undefined behaviour
