Bug 28536

Summary: writing to corrupted msdosfs causes kernel panic
Product: Base System Reporter: jyliu <jyliu>
Component: i386Assignee: Tom Rhodes <trhodes>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.3-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description jyliu 2001-06-30 13:40:01 UTC 
In -current and -stable, mountmsdosfs()@ msdosfs_vfsops.c doesn't not check if pm_nxtfree exceeds the max cluster in the file system. So if a corrupted msdos filesystem(which is not uncommon) is written, the following code in updatefats()@msdosfs_fat.c will generate a panic. 

	u_long cn = pmp->pm_nxtfree;

	if (pmp->pm_freeclustercount
	    && (pmp->pm_inusemap[cn / N_INUSEBITS]
        	& (1 << (cn % N_INUSEBITS)))) { .... }

Fix: Apply the following patch to test if next free cluster exceeds the max cluster in mountmsdosfs().
How-To-Repeat: Mount a corrupted msdos filesystem(e.g. not probably shutdown) and write to it.
Comment 1 Hiten Pandya 2002-01-30 08:12:13 UTC 
I think, this should be noted by the MSDOSFS maintainer.

--Hiten
Comment 2 Tom Rhodes freebsd_committer freebsd_triage 2002-08-22 23:17:46 UTC 
State Changed
From-To: open->patched

Just applied a patch to CURRENT which should fix this problem.  With no 
problems I'll MFC in a week.  Thanks
Comment 3 Tom Rhodes freebsd_committer freebsd_triage 2002-08-22 23:17:46 UTC 
Responsible Changed
From-To: freebsd-bugs->trhodes

Just applied a patch to CURRENT which should fix this problem.  With no 
problems I'll MFC in a week.  Thanks
Comment 4 Tom Rhodes freebsd_committer freebsd_triage 2002-09-12 22:58:25 UTC 
State Changed
From-To: patched->feedback

Applied to STABLE, please let me know if you still have problems.
Comment 5 Tom Rhodes freebsd_committer freebsd_triage 2002-12-12 06:18:28 UTC 
State Changed
From-To: feedback->closed

Closed.  I can not reproduce this, and it has been in the feedback state for 
awhile now.