vfs_domount() ->...-> vfs_freeopts() NULL pointer dereferencing
Bartek Marcinkiewicz
junior at p233.if.pwr.wroc.pl
Sun Nov 23 03:41:50 PST 2003
Hi,

System in question is FreeBSD 5.1-CURRENT,
sources for -current cvsupped a few days ago.

Problem occurs while mounting an ext2fs partition. If VFS_MOUNT()
returns an error, there is a NULL pointer dereference happening
in vfs_freeopts(), which is called by vfs_mount_destroy().

Trace:
	vfs_freeopts(0, ...)
	vfs_mount_destroy()
	vfs_domount()
	vfs_nmount
	nmount()

offending code:

/* Release all resources related to the mount options. */
static void
vfs_freeopts(struct vfsoptlist *opts)
{
	struct vfsopt *opt;

	/* jr */
	if (!opts) printf("tailq list opts is NULL pointer\n");

	while (!TAILQ_EMPTY(opts)) {
		opt = TAILQ_FIRST(opts);
		vfs_freeopt(opts, opt);
	}
	free(opts, M_MOUNT);
}

Trivial patch would be adding:

	if (!opts) return;

but is it correct?

best regards, bm.
ps. ext2fs was dirty..
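
Added example (not part of the original message and not FreeBSD source): a userland C model of the teardown path in the trace above, with the proposed NULL guard in vfs_freeopts(). The reduced struct mount, the freed_opts counter and teardown() are assumptions made for the illustration; the TAILQ macros come from <sys/queue.h>.

```c
/* Userland model of the mount teardown path; struct layouts are simplified. */
#include <stdlib.h>
#include <sys/queue.h>

struct vfsopt { TAILQ_ENTRY(vfsopt) link; char *name; };
TAILQ_HEAD(vfsoptlist, vfsopt);
struct mount { struct vfsoptlist *mnt_opt; };  /* assumed: NULL until options exist */
static int freed_opts;                         /* hypothetical counter for checking */

static void vfs_freeopt(struct vfsoptlist *opts, struct vfsopt *opt)
{
	TAILQ_REMOVE(opts, opt, link);
	free(opt->name);
	free(opt);
	freed_opts++;
}

/* Release all resources related to the mount options. */
static void vfs_freeopts(struct vfsoptlist *opts)
{
	if (opts == NULL)          /* guard: the error path may arrive with no list */
		return;
	while (!TAILQ_EMPTY(opts))
		vfs_freeopt(opts, TAILQ_FIRST(opts));
	free(opts);
}

static void vfs_mount_destroy(struct mount *mp)
{
	vfs_freeopts(mp->mnt_opt);
	mp->mnt_opt = NULL;        /* no dangling pointer left in the mount */
}

/* Build a mount with n options (n < 0: no list allocated, as in the failing
 * case), destroy it, and return how many options were released. */
int teardown(int n)
{
	struct mount mp = { NULL };
	freed_opts = 0;
	if (n >= 0 && (mp.mnt_opt = malloc(sizeof(*mp.mnt_opt))) != NULL) {
		TAILQ_INIT(mp.mnt_opt);
		for (int i = 0; i < n; i++) {
			struct vfsopt *o = calloc(1, sizeof(*o));
			if (o != NULL)
				TAILQ_INSERT_TAIL(mp.mnt_opt, o, link);
		}
	}
	vfs_mount_destroy(&mp);
	return freed_opts;
}
int main(void) { return (teardown(-1) == 0 && teardown(3) == 3) ? 0 : 1; }
```

Without the guard, teardown(-1) evaluates TAILQ_EMPTY() on a NULL list head, which is the dereference reported in the trace.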