diff options
author | bde <bde@FreeBSD.org> | 2004-02-21 22:47:19 +0000 |
---|---|---|
committer | bde <bde@FreeBSD.org> | 2004-02-21 22:47:19 +0000 |
commit | 4159786890522d187529c336eb6da4029f04a3e1 (patch) | |
tree | 71f5d04f235e741c6358eb4abd1478f731718372 /sys/fs | |
parent | 458859b90829261eff3df246a6f9f8e93d569106 (diff) | |
download | FreeBSD-src-4159786890522d187529c336eb6da4029f04a3e1.zip FreeBSD-src-4159786890522d187529c336eb6da4029f04a3e1.tar.gz |
Fixed a serious off by 1 error. The cluster-in-use bitmap was overrun
by 1 u_int if the number of clusters was 1 more than a multiple of
(8 * sizeof(u_int)). The bitmap is malloced and large (often huge), so
fatal overrun probably only occurred if the number of clusters was 1
more than 1 multiple of PAGE_SIZE/8.
Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/msdosfs/msdosfs_vfsops.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/fs/msdosfs/msdosfs_vfsops.c b/sys/fs/msdosfs/msdosfs_vfsops.c index be56bfc..0406a36 100644 --- a/sys/fs/msdosfs/msdosfs_vfsops.c +++ b/sys/fs/msdosfs/msdosfs_vfsops.c @@ -586,8 +586,7 @@ mountmsdosfs(devvp, mp, td, argp) * Allocate memory for the bitmap of allocated clusters, and then * fill it in. */ - pmp->pm_inusemap = malloc(((pmp->pm_maxcluster + N_INUSEBITS - 1) - / N_INUSEBITS) + pmp->pm_inusemap = malloc(howmany(pmp->pm_maxcluster + 1, N_INUSEBITS) * sizeof(*pmp->pm_inusemap), M_MSDOSFSFAT, M_WAITOK); |