diff options
author | trasz <trasz@FreeBSD.org> | 2012-04-21 10:45:46 +0000 |
---|---|---|
committer | trasz <trasz@FreeBSD.org> | 2012-04-21 10:45:46 +0000 |
commit | e0fe14d68525ec44bfd3821750dddc2164aad753 (patch) | |
tree | 358ca9d666e282601512df4c4394303260a9dfb2 /sys/ufs/ffs/ffs_vfsops.c | |
parent | 73b414e35bb2d18ee8e7c6a46c46fd4a5d24977c (diff) | |
download | FreeBSD-src-e0fe14d68525ec44bfd3821750dddc2164aad753.zip FreeBSD-src-e0fe14d68525ec44bfd3821750dddc2164aad753.tar.gz |
Fix use-after-free introduced in r234036.
Reviewed by: mckusick
Tested by: pho
Diffstat (limited to 'sys/ufs/ffs/ffs_vfsops.c')
-rw-r--r-- | sys/ufs/ffs/ffs_vfsops.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 974d27a..9aff694 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -699,10 +699,14 @@ ffs_reload(struct mount *mp, struct thread *td) * We no longer know anything about clusters per cylinder group. */ if (fs->fs_contigsumsize > 0) { - lp = fs->fs_maxcluster; + fs->fs_maxcluster = lp = space; for (i = 0; i < fs->fs_ncg; i++) *lp++ = fs->fs_contigsumsize; + space = lp; } + size = fs->fs_ncg * sizeof(u_int8_t); + fs->fs_contigdirs = (u_int8_t *)space; + bzero(fs->fs_contigdirs, size); loop: MNT_VNODE_FOREACH_ALL(vp, mp, mvp) { |