[rtems commit] imfs: Fix index underrun when extending empty file

Christian Mauderer christianm at rtems.org
Thu Apr 7 08:37:25 UTC 2022 

Module:    rtems
Branch:    4.11
Commit:    051778e9d602c2801d8100b0c9583c3d6b75310a
Changeset: http://git.rtems.org/rtems/commit/?id=051778e9d602c2801d8100b0c9583c3d6b75310a

Author:    Christian Mauderer <christian.mauderer at embedded-brains.de>
Date:      Mon Apr  4 15:17:56 2022 +0200

imfs: Fix index underrun when extending empty file

Currently the following sequence causes a endless loop when extending an
IMFS file:

- Create a file with zero length and close it.
- Make sure nearly no allocatable memory is left.
- Open the file and write enough data into it that more than the
  remaining memory will be used.

In that case when extending the IMFS file, the file currently need zero
blocks. If allocating enough new blocks fails, the already allocated new
blocks will be freed again.

The comparison of block>=old_blocks that has been used prior to this
patch compared two unsigned numbers. If old_blocks was zero, the
comparison of these two numbers always evaluated to true.

This patch frees the last block in a separate step to avoid this
problem.

Note: This patch is a backport of
43119193ef0f3fef6bc01a391ccda8a97cfc149c from RTEMS master. It only
contains the bugfix. Adding a test case has been skipped because that
part of the patch didn't apply without problems and is not really
relevant for fixing the bug.

Fixes #2353

---

 cpukit/libfs/src/imfs/imfs_memfile.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cpukit/libfs/src/imfs/imfs_memfile.c b/cpukit/libfs/src/imfs/imfs_memfile.c
index 2b6a49698a..35d456ab2b 100644
--- a/cpukit/libfs/src/imfs/imfs_memfile.c
+++ b/cpukit/libfs/src/imfs/imfs_memfile.c
@@ -188,9 +188,10 @@ static int IMFS_memfile_extend(
           offset = 0;
        }
     } else {
-       for ( ; block>=old_blocks ; block-- ) {
+       for ( ; block>old_blocks ; block-- ) {
          IMFS_memfile_remove_block( memfile, block );
        }
+       IMFS_memfile_remove_block( memfile, old_blocks );
        rtems_set_errno_and_return_minus_one( ENOSPC );
     }
   }

More information about the vc mailing list