


Newsgroups: comp.bugs.2bsd
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.hawaii.edu!ames!usenet.kornet.nm.kr!usenet.etri.re.kr!news.kreonet.re.kr!usenet.seri.re.kr!news.cais.net!news.mathworks.com!news.kei.com!nntp.coast.net!oleane!jussieu.fr!math.ohio-state.edu!uwm.edu!lll-winken.llnl.gov!enews.sgi.com!sgigate.sgi.com!news.msfc.nasa.gov!europa.chnt.gtegsc.com!wlbr!moe!sms
From: sms@moe.2bsd.com (Steven M. Schultz)
Subject: mkfs MAXFN too small, malloc(3) debug mode broken (#318)
Organization: 2BSD, Simi Valley CA USA
Message-ID: <Dr4DuD.8yC@moe.2bsd.com>
Date: Thu, 9 May 1996 04:01:24 GMT
Lines: 234

Subject: mkfs MAXFN too small, malloc(3) debug mode broken (#318)
Index:	etc/mkfs.c,lib/libc/gen/malloc.c 2.11BSD

Description:
	1) The maximum freelist modulus limit of 500 is too small.

	2) If malloc(3) is compiled with the 'debug' option on, the 'botch'
	macro can be called recursively, causing a stack underflow.

Repeat-By:
	1) Have a disk with 68 sectors per track and 15 heads.  The
	   freelist modulus should be 510 (68 * 15 / 2) but is instead
	   being limited to 500.

	2) Run a program which corrupts the malloc arena and then calls
	   malloc.  Note that you do not see the 'assertion failed' message
	   just before the program dumps core.  Further note that the stack
	   has been pushed down immediately adjacent to the data segment.

Fix:
	The two problems are unrelated.  The fixes were lumped together
	in one patch because they are both small.

	The C library does *not* need to be recompiled at this time.   The
	change to malloc.c is intended for those cases where a copy of
	malloc.c is made for local compilation when debugging a program.
	The comments at the top of malloc.c provide additional information.

	A small correction (removal of an obsolete comment) was made to
	the man page for mkfs(8).

	To apply the update below first cut where indicated and save to a
	file (/tmp/318).  Then:

		patch -p0 < /tmp/318
		cd /usr/src/etc
		make mkfs
		install -s -m 755 mkfs /etc/mkfs
		cd /usr/src/man/man8
		/usr/man/manroff mkfs.8 > /usr/man/cat8/mkfs.0

	The standalone version of mkfs is affected by the change to mkfs.c
	so it might be a good idea to recreate boot floppies or tapes whenever
	it is convenient.

	This and previous updates are available via anonymous FTP to either
	FTP.IIPO.GTEGSC.COM or MOE.2BSD.COM in the directory /pub/2.11BSD.

==========================cut here=========================
*** /usr/src/etc/mkfs.c.old	Fri Apr 12 22:57:21 1996
--- /usr/src/etc/mkfs.c	Wed May  8 20:15:30 1996
***************
*** 1,5 ****
  #if	!defined(lint) && defined(DOSCCS)
! char	*sccsid = "@(#)mkfs.c	2.8 (2.11BSD) 1996/04/11";
  #endif
  
  /*
--- 1,5 ----
  #if	!defined(lint) && defined(DOSCCS)
! char	*sccsid = "@(#)mkfs.c	2.9 (2.11BSD) 1996/5/8";
  #endif
  
  /*
***************
*** 34,40 ****
  #endif
  
  #define	UMASK	0755
! #define	MAXFN	500
  
  time_t	utime;
  
--- 34,40 ----
  #endif
  
  #define	UMASK	0755
! #define	MAXFN	750
  
  time_t	utime;
  
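Review bot: The raised limit on the MAXFN line is still a bare magic number with nothing explaining why 750 was chosen or what it bounds, so the next disk geometry that exceeds it will send a reader back to the mailing list rather than to the source. I would carry the rationale from the report into the definition: `#define MAXFN 750 /* upper bound on the freelist modulus (sectors*heads/2); 500 was too small for 68-sector, 15-head disks */`. The code that enforces the limit, and any table that may be sized by it, is outside this hunk, so I cannot confirm from here that the rest of mkfs.c (and the standalone build mentioned in the description) tolerates the larger value without further change.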
*** /usr/src/man/man8/mkfs.8.old	Fri Apr 12 21:30:04 1996
--- /usr/src/man/man8/mkfs.8	Wed May  8 20:22:10 1996
***************
*** 2,10 ****
  .\" All rights reserved.  The Berkeley software License Agreement
  .\" specifies the terms and conditions for redistribution.
  .\"
! .\"	@(#)mkfs.8	2.0 (2.11BSD) 1996/4/12
  .\"
! .TH MKFS 8 "April 12, 1996"
  .UC 2
  .SH NAME
  mkfs \- construct a file system
--- 2,10 ----
  .\" All rights reserved.  The Berkeley software License Agreement
  .\" specifies the terms and conditions for redistribution.
  .\"
! .\"	@(#)mkfs.8	2.1 (2.11BSD) 1996/5/8
  .\"
! .TH MKFS 8 "May 8, 1996"
  .UC 2
  .SH NAME
  mkfs \- construct a file system
***************
*** 81,88 ****
  mkproto(8)
  newfs(8)
  .SH BUGS
- There should be some way to specify links.
- .PP
  The
  .I lost+found
  directory is created but the boot block is left uninitialized (see
--- 81,86 ----
*** /usr/src/lib/libc/gen/malloc.c.old	Mon Dec 26 14:24:35 1988
--- /usr/src/lib/libc/gen/malloc.c	Thu Apr 11 21:13:28 1996
***************
*** 1,20 ****
! /*	@(#)malloc.c	2.1	SCCS id keyword	*/
  #ifdef debug
  
! #	define ASSERT(p) if(!(p))botch("p");else
  
! 	botch(s)
! 		char *s;
! 	{
! 		printf("assertion botched: %s\n",s);
! 		abort();
! 	}
  
! #else
  
! #	define ASSERT(p)
  
! #endif
  
  /*
   * The origins of the following ifdef are lost.  The only comment attached
--- 1,41 ----
! /*	@(#)malloc.c	2.2	(2.11BSD) 1996/4/11 */
! 
! #include <unistd.h>
! 
  #ifdef debug
+ #include <sys/types.h>
+ #include <sys/uio.h>
  
! #define ASSERT(p) if(!(p))botch("p")
  
! /*
!  * Can't use 'printf' below because that can call malloc().  If the malloc
!  * arena is corrupt malloc() calls botch() which calls printf which calls malloc
!  * ... result is a recursive loop which underflows the stack.
! */
  
! static botch(s)
! char *s;
! {
! 	struct	iovec	iov[3];
! 	register struct iovec *v = iov;
! 	char	*ab = "assertion botched: ";
  
! 	v->iov_base = ab;
! 	v->iov_len = strlen(ab);
! 	v++;
! 	v->iov_base = s;
! 	v->iov_len = strlen(s);
! 	v++;
! 	v->iov_base = "\n";
! 	v->iov_len = 1;
  
! 	writev(STDOUT_FILENO, iov, 3);
! 	abort();
! }
! #else
! #define ASSERT(p)
! #endif	/* debug */
  
  /*
   * The origins of the following ifdef are lost.  The only comment attached
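Review bot: The rewritten ASSERT macro drops the trailing `;else` that the old definition carried, and that trailer was the usual guard against dangling-else misparsing when `ASSERT(x);` appears as the body of an `if` that is itself followed by an `else`; whether any call site in malloc.c sits in such a position is outside this hunk, but the hazard is new. A definition that is safe in every statement position and needs no K&R tricks is `#define ASSERT(p) do { if (!(p)) botch("p"); } while (0)`. The macro also still relies on the pre-ANSI preprocessor substituting the argument inside the string literal `"p"`; an ANSI cpp would print the literal text p, so `#p` is the portable spelling wherever the compiler accepts it. Lastly, botch() writes the diagnostic to STDOUT_FILENO, so when stdout is redirected to a file or pipe the "assertion botched" message the report wants to be visible goes there instead of the terminal; `STDERR_FILENO` is the conventional destination for a message emitted just before abort().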
***************
*** 53,59 ****
  #define	BLOCK		1024	/* a multiple of WORD */
  
  #define	BUSY		1
- #define	NULL		0
  
  #define	testbusy(p)	((INT)(p)&BUSY)
  #define	setbusy(p)	(union store *)((INT)(p)|BUSY)
--- 74,79 ----
***************
*** 188,195 ****
  	return((char *)q);
  }
  
! #ifdef debug
! allock()
  {
  #ifdef longdebug
  	register union store *p;
--- 208,215 ----
  	return((char *)q);
  }
  
! #ifdef	debug
! static allock()
  {
  #ifdef longdebug
  	register union store *p;
***************
*** 205,208 ****
  	return(1);
  #endif
  }
! #endif
--- 225,228 ----
  	return(1);
  #endif
  }
! #endif /* debug */
*** /VERSION.old	Thu May  2 21:17:40 1996
--- /VERSION	Wed May  8 20:23:50 1996
***************
*** 1,4 ****
! Current Patch Level: 317
  
  2.11 BSD
  ============
--- 1,4 ----
! Current Patch Level: 318
  
  2.11 BSD
  ============