* [U-Boot] Possible bug in UBIFS function ubifs_finddir
@ 2011-06-16 11:13 Rod Boyce
2011-06-18 9:51 ` [U-Boot] [Patch] For " Rod Boyce
0 siblings, 1 reply; 9+ messages in thread
From: Rod Boyce @ 2011-06-16 11:13 UTC (permalink / raw)
To: u-boot
All,
Hello again it has been a while since I was here.
I am working on u-boot once again and think I may have found a bug in the
UBIFS sub-system.
The function is ubifs_finddir and the issue is that there seems to be a
free of a pointer in a structure that has already been freed. This is
causing the free function to rightly crash.
The code is in the error path of the ubifs_finddir at the end of the
function line 363:
if (file)
free(file);
if (dentry)
free(dentry);
if (dir)
free(dir);
if (file->private_data)
kfree(file->private_data);
file->private_data = NULL;
file->f_pos = 2;
The issue is that we are free'ing the file pointer at the top of this
block and then trying to free the private_data element after the base
pointer. I will fix and send a patch but before I do I just wanted to
make sure I was not missing the obvious.
Has this been discussed before and is there already a patch?
Regards,
Rod Boyce
^ permalink raw reply [flat|nested] 9+ messages in thread
* [U-Boot] [Patch] For bug in UBIFS function ubifs_finddir
2011-06-16 11:13 [U-Boot] Possible bug in UBIFS function ubifs_finddir Rod Boyce
@ 2011-06-18 9:51 ` Rod Boyce
2011-06-29 8:34 ` Stefan Roese
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Rod Boyce @ 2011-06-18 9:51 UTC (permalink / raw)
To: u-boot
Free private_data member element before freeing file structure. This
was causing malloc to crash. Also remove unnecessary variable
assigments after file structure was free'd.
Signed-off-by: Rod Boyce <uboot@teamboyce.co.uk>
------------------------------- fs/ubifs/ubifs.c
------------------------------
diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
index 5a5c739..61f70b2 100644
--- a/fs/ubifs/ubifs.c
+++ b/fs/ubifs/ubifs.c
@@ -360,6 +360,8 @@
return err;
}
+ if (file->private_data)
+ kfree(file->private_data);
if (file)
free(file);
if (dentry)
@@ -367,10 +369,6 @@
if (dir)
free(dir);
- if (file->private_data)
- kfree(file->private_data);
- file->private_data = NULL;
- file->f_pos = 2;
return 0;
}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [U-Boot] [Patch] For bug in UBIFS function ubifs_finddir
2011-06-18 9:51 ` [U-Boot] [Patch] For " Rod Boyce
@ 2011-06-29 8:34 ` Stefan Roese
2011-06-29 11:42 ` Detlev Zundel
2011-06-29 11:35 ` Detlev Zundel
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Stefan Roese @ 2011-06-29 8:34 UTC (permalink / raw)
To: u-boot
Hi Rod,
On Saturday 18 June 2011 11:51:11 Rod Boyce wrote:
> Free private_data member element before freeing file structure. This
> was causing malloc to crash. Also remove unnecessary variable
> assigments after file structure was free'd.
>
> Signed-off-by: Rod Boyce <uboot@teamboyce.co.uk>
> ------------------------------- fs/ubifs/ubifs.c
> ------------------------------
> diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
> index 5a5c739..61f70b2 100644
> --- a/fs/ubifs/ubifs.c
> +++ b/fs/ubifs/ubifs.c
> @@ -360,6 +360,8 @@
> return err;
> }
>
> + if (file->private_data)
> + kfree(file->private_data);
> if (file)
> free(file);
> if (dentry)
> @@ -367,10 +369,6 @@
> if (dir)
> free(dir);
>
> - if (file->private_data)
> - kfree(file->private_data);
> - file->private_data = NULL;
> - file->f_pos = 2;
> return 0;
This patch does not apply:
Applying: For bug in UBIFS function ubifs_finddir
Using index info to reconstruct a base tree...
error: patch failed: fs/ubifs/ubifs.c:360
error: fs/ubifs/ubifs.c: patch does not apply
Did you hand edit your patch?
How did you create this patch? I recommend to use "git format-patch". And send
it via "git send-email".
Also, please change the patch subject and add "ubifs:":
- For bug in UBIFS function ubifs_finddir
+ ubifs: Fix bug in function ubifs_finddir
Please also take a look at this page for patch submission:
http://www.denx.de/wiki/view/U-Boot/Patches
Thanks.
Cheers,
Stefan
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-0 Fax: (+49)-8142-66989-80 Email: office at denx.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* [U-Boot] [Patch] For bug in UBIFS function ubifs_finddir
2011-06-18 9:51 ` [U-Boot] [Patch] For " Rod Boyce
2011-06-29 8:34 ` Stefan Roese
@ 2011-06-29 11:35 ` Detlev Zundel
2011-07-25 21:57 ` Wolfgang Denk
2011-07-28 13:27 ` [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir() Wolfgang Denk
3 siblings, 0 replies; 9+ messages in thread
From: Detlev Zundel @ 2011-06-29 11:35 UTC (permalink / raw)
To: u-boot
Hi Rod,
> Free private_data member element before freeing file structure. This
> was causing malloc to crash. Also remove unnecessary variable
> assigments after file structure was free'd.
>
> Signed-off-by: Rod Boyce <uboot@teamboyce.co.uk>
> ------------------------------- fs/ubifs/ubifs.c
> ------------------------------
> diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
> index 5a5c739..61f70b2 100644
> --- a/fs/ubifs/ubifs.c
> +++ b/fs/ubifs/ubifs.c
> @@ -360,6 +360,8 @@
> return err;
> }
>
> + if (file->private_data)
> + kfree(file->private_data);
> if (file)
> free(file);
> if (dentry)
> @@ -367,10 +369,6 @@
> if (dir)
> free(dir);
>
> - if (file->private_data)
> - kfree(file->private_data);
> - file->private_data = NULL;
> - file->f_pos = 2;
> return 0;
> }
Actually the patch looks good - though I cannot apply the patch easily:
[dzu at pollux u-boot-testing (master)]$ git am -3 ~/transfer/p1
Applying: For bug in UBIFS function ubifs_finddir
Using index info to reconstruct a base tree...
error: patch failed: fs/ubifs/ubifs.c:360
error: fs/ubifs/ubifs.c: patch does not apply
Did you hand edit your patch?
It does not apply to blobs recorded in its index.
Cannot fall back to three-way merge.
Patch failed at 0001 For bug in UBIFS function ubifs_finddir
When you have resolved this problem run "git am --resolved".
If you would prefer to skip this patch, instead run "git am --skip".
To restore the original branch and stop patching run "git am --abort".
Can you please resend the patch in a way that makes it possible to apply
to current master? And if you do that, please change the subject line
to something more expressive.
Thanks
Detlev
--
... the tools we are trying to use and the language or notation we are using to
express or record our thoughts, are the major factors determining what we can
think or express at all!
-- Edsger W. Dijkstra
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: dzu at denx.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* [U-Boot] [Patch] For bug in UBIFS function ubifs_finddir
2011-06-29 8:34 ` Stefan Roese
@ 2011-06-29 11:42 ` Detlev Zundel
0 siblings, 0 replies; 9+ messages in thread
From: Detlev Zundel @ 2011-06-29 11:42 UTC (permalink / raw)
To: u-boot
Hi Stefan,
[...]
> This patch does not apply:
>
> Applying: For bug in UBIFS function ubifs_finddir
> Using index info to reconstruct a base tree...
> error: patch failed: fs/ubifs/ubifs.c:360
> error: fs/ubifs/ubifs.c: patch does not apply
> Did you hand edit your patch?
>
> How did you create this patch? I recommend to use "git format-patch". And send
> it via "git send-email".
>
> Also, please change the patch subject and add "ubifs:":
>
> - For bug in UBIFS function ubifs_finddir
> + ubifs: Fix bug in function ubifs_finddir
>
> Please also take a look at this page for patch submission:
>
> http://www.denx.de/wiki/view/U-Boot/Patches
>
> Thanks.
Sorry for my duplication, I just saw that you beat me with your answer
;)
Cheers
Detlev
--
Ich glaube, da? die Weltanschauung, die aus der modernen Physik hervorgeht,
mit unserer gegenw?rtigen Gesellschaft unvereinbar ist, weil sie den har-
monischen Zusammenh?ngen, die wir in der Natur beaobachten, nicht Rechnung
tr?gt. -- Fritjof Capra
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: dzu at denx.de
^ permalink raw reply [flat|nested] 9+ messages in thread
* [U-Boot] [Patch] For bug in UBIFS function ubifs_finddir
2011-06-18 9:51 ` [U-Boot] [Patch] For " Rod Boyce
2011-06-29 8:34 ` Stefan Roese
2011-06-29 11:35 ` Detlev Zundel
@ 2011-07-25 21:57 ` Wolfgang Denk
2011-07-28 13:27 ` [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir() Wolfgang Denk
3 siblings, 0 replies; 9+ messages in thread
From: Wolfgang Denk @ 2011-07-25 21:57 UTC (permalink / raw)
To: u-boot
Dear Rod Boyce,
In message <4DFC750F.7050605@teamboyce.co.uk> you wrote:
>
> Free private_data member element before freeing file structure. This
> was causing malloc to crash. Also remove unnecessary variable
> assigments after file structure was free'd.
>
> Signed-off-by: Rod Boyce <uboot@teamboyce.co.uk>
Changes have been requested for your patch.
Do you think you will find time to submit a fixed version any time
soon?
Thanks in advance.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
If all the Chinese simultaneously jumped into the Pacific off a 10
foot platform erected 10 feet off their coast, it would cause a tidal
wave that would destroy everything in this country west of Nebraska.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir()
2011-06-18 9:51 ` [U-Boot] [Patch] For " Rod Boyce
` (2 preceding siblings ...)
2011-07-25 21:57 ` Wolfgang Denk
@ 2011-07-28 13:27 ` Wolfgang Denk
2011-07-28 14:09 ` Rod Boyce
2011-08-19 15:22 ` Stefan Roese
3 siblings, 2 replies; 9+ messages in thread
From: Wolfgang Denk @ 2011-07-28 13:27 UTC (permalink / raw)
To: u-boot
Free private_data member element before freeing file structure.
This was causing malloc to crash. Also remove unnecessary variable
assigments as file structure gets free'd as well.
Signed-off-by: Rod Boyce <uboot@teamboyce.co.uk>
Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Stefan Roese <sr@denx.de>
---
As Rod appears to have disappeared I took the frredom to jump in and
fix this. - wd
fs/ubifs/ubifs.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
index 5a5c739..61f70b2 100644
--- a/fs/ubifs/ubifs.c
+++ b/fs/ubifs/ubifs.c
@@ -360,6 +360,8 @@ out:
return err;
}
+ if (file->private_data)
+ kfree(file->private_data);
if (file)
free(file);
if (dentry)
@@ -367,10 +369,6 @@ out:
if (dir)
free(dir);
- if (file->private_data)
- kfree(file->private_data);
- file->private_data = NULL;
- file->f_pos = 2;
return 0;
}
--
1.7.6
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir()
2011-07-28 13:27 ` [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir() Wolfgang Denk
@ 2011-07-28 14:09 ` Rod Boyce
2011-08-19 15:22 ` Stefan Roese
1 sibling, 0 replies; 9+ messages in thread
From: Rod Boyce @ 2011-07-28 14:09 UTC (permalink / raw)
To: u-boot
On 28/07/11 14:27, Wolfgang Denk wrote:
> As Rod appears to have disappeared I took the frredom to jump in and
> fix this. - wd
>
All,
Sorry about this I missed the e-mail asking me to reformat the patch.
Thanks for sorting this out Wolfgang.
Regards,
Rod Boyce
^ permalink raw reply [flat|nested] 9+ messages in thread
* [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir()
2011-07-28 13:27 ` [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir() Wolfgang Denk
2011-07-28 14:09 ` Rod Boyce
@ 2011-08-19 15:22 ` Stefan Roese
1 sibling, 0 replies; 9+ messages in thread
From: Stefan Roese @ 2011-08-19 15:22 UTC (permalink / raw)
To: u-boot
On Thursday 28 July 2011 15:27:22 Wolfgang Denk wrote:
> Free private_data member element before freeing file structure.
> This was causing malloc to crash. Also remove unnecessary variable
> assigments as file structure gets free'd as well.
Applied to u-boot-ubi/master. Thanks.
Best regards,
Stefan
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-0 Fax: (+49)-8142-66989-80 Email: office at denx.de
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2011-08-19 15:22 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-06-16 11:13 [U-Boot] Possible bug in UBIFS function ubifs_finddir Rod Boyce
2011-06-18 9:51 ` [U-Boot] [Patch] For " Rod Boyce
2011-06-29 8:34 ` Stefan Roese
2011-06-29 11:42 ` Detlev Zundel
2011-06-29 11:35 ` Detlev Zundel
2011-07-25 21:57 ` Wolfgang Denk
2011-07-28 13:27 ` [U-Boot] [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir() Wolfgang Denk
2011-07-28 14:09 ` Rod Boyce
2011-08-19 15:22 ` Stefan Roese
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.