kern/77234: [udf] [patch] corrupted data is read from UDF filesystem if read starts at non-aligned offset

Andriy Gapon avg at icyb.net.ua
Wed May 24 12:50:59 UTC 2006 

The following reply was made to PR kern/77234; it has been noted by GNATS.

From: Andriy Gapon <avg at icyb.net.ua>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: kern/77234: [udf] [patch] corrupted data is read from UDF filesystem
 if read starts at non-aligned offset
Date: Wed, 24 May 2006 15:49:10 +0300

 This is a multi-part message in MIME format.
 --------------040007090500020000090100
 Content-Type: text/plain; charset=KOI8-U
 Content-Transfer-Encoding: 7bit
 
 
 This problem is still present in 6.1.
 Updated patch is attached.
 
 -- 
 Andriy Gapon
 
 --------------040007090500020000090100
 Content-Type: text/x-patch;
  name="offset.patch"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="offset.patch"
 
 --- sys/fs/udf/udf_vnops.c.orig	Thu Mar 17 15:08:39 2005
 +++ sys/fs/udf/udf_vnops.c	Thu Mar 17 15:13:41 2005
 @@ -1091,19 +1097,21 @@
  		*size = max_size;
  	*size = min(*size, MAXBSIZE);
  
 -	if ((error = udf_readlblks(udfmp, sector, *size, bp))) {
 +	if ((error = udf_readlblks(udfmp, sector, *size + (offset & udfmp->bmask), bp))) {
  		printf("warning: udf_readlblks returned error %d\n", error);
  		/* note: *bp may be non-NULL */
  		return (error);
  	}
  
  	bp1 = *bp;
 -	*data = (uint8_t *)&bp1->b_data[offset % udfmp->bsize];
 +	*data = (uint8_t *)&bp1->b_data[offset & udfmp->bmask];
  	return (0);
  }
  
  /*
   * Translate a file offset into a logical block and then into a physical
   * block.
 + * max_size - maximum number of bytes that can be read starting from given
 + * offset, rather than beginning of calculated sector number
   */
  static int
 @@ -1158,7 +1166,7 @@
  		lsector = (offset  >> udfmp->bshift) +
  		    ((struct short_ad *)(icb))->pos;
  
 -		*max_size = GETICBLEN(short_ad, icb);
 +		*max_size = icblen - offset;
  
  		break;
  	case 1:
 @@ -1183,7 +1191,7 @@
  		lsector = (offset >> udfmp->bshift) +
  		    le32toh(((struct long_ad *)(icb))->loc.lb_num);
  
 -		*max_size = GETICBLEN(long_ad, icb);
 +		*max_size = icblen - offset;
  
  		break;
  	case 3:
 
 --------------040007090500020000090100--

More information about the freebsd-bugs mailing list