
List:       yaffs
Subject:    Re: [Yaffs] Problem with null names in yaffs_FindObjectByName()
From:       Luc Van Oostenryck <lkml () looxix ! net>
Date:       2005-08-01 19:24:21
Message-ID: 42EE76E5.5040400 () looxix ! net

Charles Manning wrote:
> On Monday 01 August 2005 10:52, Luc Van Oostenryck wrote:
> 
>>New tests that I run cause 100% reproducible kernel crashes.
>>The problem appears to be that yaffs_FindObjectByName() can be called with name
>>set to NULL.
>>
>>The code path comes from the two calls to yaffs_ChangeObjectName() at the end
>>of yaffs_UnlinkFile() which set name to NULL and cause a crash when
>>strcmp() is called in yaffs_FindObjectByName().
> 
> 
> Sorry my bad.
> 
> This was part of the change I did for the shadowing stuff.
>

Ah yes, OK. Sorry, I should have checked but it was late and I was too lazy to do
a regression test.

> 
>>
>>For the moment I use the attached patch (beware there is also some traces
>>added) which tests early for NULL name in yaffs_FindObjectByName() and
>>returns NULL in this case. It seems to solve the problem, but it needs to be
>>checked.
>>
>>What I find really hard to understand is why we didn't find this one sooner
>>(I run previously a heavy test with lot of file creation and deletion and
>>everything went good :-().
> 
> 
> I introduced this yesterday.
> The problem is the new check for existingTarget near line 1863. See 
> http://www.aleph1.co.uk/cgi-bin/viewcvs.cgi/yaffs2/yaffs_guts.c?r1=1.11&r2=1.12
> 

Yes, but the tests I was talking about were with this change in and didn't detect a problem.
They must test another code path or be very bad ;-) Probably both.


Luc
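
The failure path discussed in this thread, as an added example that is not part of the original message and is not the YAFFS source: a simplified model in which unlink renames an object with a NULL name, the rename checks for an existing target, and the lookup tests for a NULL name before calling strcmp(). The struct and function names (struct obj, find_object_by_name, change_object_name, unlink_object) are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (assumption, not YAFFS code): a directory holds a
 * singly linked list of children, each with an optional name. */
struct obj {
    const char *name;      /* NULL once the object has been unlinked */
    struct obj *sibling;   /* next object in the same directory */
    struct obj *children;  /* first child, for directories */
};

/* Lookup with the early NULL test described in the thread. Without it,
 * a NULL name reaches strcmp(), which is undefined behaviour and in
 * kernel context shows up as a crash. */
struct obj *find_object_by_name(struct obj *dir, const char *name)
{
    struct obj *o;

    if (dir == NULL || name == NULL)
        return NULL;
    for (o = dir->children; o != NULL; o = o->sibling) {
        /* Children that already lost their name must be skipped too. */
        if (o->name != NULL && strcmp(o->name, name) == 0)
            return o;
    }
    return NULL;
}

/* Rename with an existing-target check: the new name is looked up
 * first, so a NULL new name is passed straight to the lookup. */
int change_object_name(struct obj *dir, struct obj *o, const char *new_name)
{
    struct obj *existing = find_object_by_name(dir, new_name);

    if (existing != NULL && existing != o)
        return -1;              /* name already used by another object */
    o->name = new_name;
    return 0;
}

/* Unlink modelled as in the thread: the object is renamed to NULL. */
int unlink_object(struct obj *dir, struct obj *o)
{
    return change_object_name(dir, o, NULL);
}
```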


