newfs_msdos and DVD-RAM

Andriy Gapon avg at icyb.net.ua
Wed Mar 24 15:33:45 UTC 2010


on 19/03/2010 20:26 Paul B Mahol said the following:
> On Fri, Mar 19, 2010 at 7:11 PM, Fabian Keil
> <freebsd-listen at fabiankeil.de> wrote:
>> Paul B Mahol <onemda at gmail.com> wrote:
>>
>>> FreeBSD 9.0 CURRENT panics when mounting file system created via
>>> newfs_msdos on DVD-RAM disc.
>>> Something to do about divide by zero.
>> I recently had a similar problem with a 16GB iPod. I still haven't
>> managed to actually mount it, but the patch below at least works
>> around the panic.
>>
>> Does it work for you, too?
> 
> Obviously it will fix the panic, but will not allow mounting. Zero value
> should be handled already much before. It looks like the real bug is in
> newfs_msdos.
> 

Looking at the code in mountmsdosfs(), it seems that SecPerClust can have a zero
value at the place of the crash only if pm_BlkPerSec is zero.
See this line and the check above it:
    SecPerClust         *= pmp->pm_BlkPerSec;
But that is impossible because of the same if statement.

In my opinion, the only possible explanation is an overflow of a SecPerClust
value.  Given that its type is u_int8_t, it seems plausible.

It would be really nice if people who can reproduce this issue could either add a
couple of printfs before the line quoted above or examine a crashdump to
determine the values of SecPerClust and pm_BlkPerSec before the multiplication.

Could you guys please do it?
Thanks!
-- 
Andriy Gapon
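
The overflow hypothesised in the message above, as an added example that is not part of the original post and is not FreeBSD source: an 8-bit value scaled in place wraps modulo 256, so a nonzero cluster size can become zero and then be used as a divisor. The function names and the sample values (64 sectors per cluster, 4 blocks per sector) are assumptions constructed for illustration; the thread does not report the actual values.

```c
#include <stdint.h>
#include <stdio.h>

/* Same shape as the quoted line: an 8-bit sectors-per-cluster value is
 * scaled in place, so the product is reduced modulo 256. */
static uint8_t scale_narrow(uint8_t sec_per_clust, uint32_t blk_per_sec)
{
    sec_per_clust *= blk_per_sec;
    return sec_per_clust;
}

/* Checked variant (hypothetical helper): multiply in 64 bits and report
 * failure for zero inputs or a product that does not fit in 32 bits.
 * Returns 0 on failure, which is never a valid cluster size. */
static uint32_t scale_checked(uint8_t sec_per_clust, uint32_t blk_per_sec)
{
    uint64_t wide = (uint64_t)sec_per_clust * blk_per_sec;

    if (wide == 0 || wide > UINT32_MAX)
        return 0;
    return (uint32_t)wide;
}

/* Guarded division: returns -1 instead of dividing by a zero cluster size. */
static int64_t cluster_count(uint32_t total_blocks, uint32_t blk_per_clust)
{
    if (blk_per_clust == 0)
        return -1;
    return total_blocks / blk_per_clust;
}

int main(void)
{
    /* Constructed values: 64 sectors per cluster, 2048-byte sectors on a
     * 512-byte block device, so 4 blocks per sector. */
    uint8_t spc = 64;
    uint32_t bps = 4;

    printf("narrow:  %u\n", (unsigned)scale_narrow(spc, bps));
    printf("checked: %u\n", (unsigned)scale_checked(spc, bps));
    printf("clusters with narrow value:  %lld\n",
        (long long)cluster_count(1000000, scale_narrow(spc, bps)));
    printf("clusters with checked value: %lld\n",
        (long long)cluster_count(1000000, scale_checked(spc, bps)));
    return 0;
}
```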

