newfs_msdos and DVD-RAM
avg at icyb.net.ua
Wed Mar 24 15:33:45 UTC 2010
on 19/03/2010 20:26 Paul B Mahol said the following:
> On Fri, Mar 19, 2010 at 7:11 PM, Fabian Keil
> <freebsd-listen at fabiankeil.de> wrote:
>> Paul B Mahol <onemda at gmail.com> wrote:
>>> FreeBSD 9.0 CURRENT panics when mounting file system created via
>>> newfs_msdos on DVD-RAM disc.
>>> Something to do about divide by zero.
>> I recently had a similar problem with a 16GB iPod. I still haven't
>> managed to actually mount it, but the patch below at least works
>> around the panic.
>> Does it work for you, too?
> Obviously it will fix panic, but will not allow to mount. Zero value
> should be handled
> already much before. It looks the real bug is in newfs_msdos.
Looking at the code in mountmsdosfs(), it seems that SecPerClust can have zero
value at the place of the crash only if pm_BlkPerSec is zero.
See this line and the check above it:
SecPerClust *= pmp->pm_BlkPerSec;
But that is impossible because of the same if statement.
In my opinion, the only possible explanation is an overflow of a SecPerClust
value. Given that its type is u_int8_t, it seems plausible.
It would be really nice if people who can reproduce this issue could either add a
couple of printfs before the quoted above line or examined a crashdump to
determine values of SecPerClust and pm_BlkPerSec before the multiplication.
Could you guys please do it?
More information about the freebsd-current