[U-Boot] [PATCH] ubifs bad superblock bug
Kyungmin Park
kmpark at infradead.org
Tue Oct 4 11:41:52 CEST 2011
On Tue, Oct 4, 2011 at 6:08 PM, larsi <larsi at atlantis.wh2.tu-dresden.de> wrote:
> This patch fixes an issue when ubifs reads a bad superblock. Later it
> tries to free memory, that was not allocated, which freezes u-boot.
> This is fixed by looking for a non null pointer before free.
>
> Signed-off-by: Lars Poeschel <larsi at wh2.tu-dresden.de>
> Cc: Kyungmin Park <kmpark at infradead.org>
> ---
> The message I got before u-boot freezes:
> UBI: max/mean erase counter: 53/32
> UBIFS: mounted UBI device 0, volume 1, name "rootfs"
> UBIFS: mounted read-only
> UBIFS: file system size: 49140 bytes (50319360 KiB, 0 MiB, 49140 LEBs)
> UBIFS: journal size: 49 bytes (6838272 KiB, 0 MiB, 6678 LEBs)
> UBIFS: media format: w4/r0 (latest is w4/r0)
> UBIFS: default compressor: LZO
> UBIFS: reserved for root: 0 bytes (0 KiB)
> UBIFS error (pid 0): ubifs_read_node: bad node type (255 but expected 9)
> UBIFS error (pid 0): ubifs_read_node: bad node at LEB 330:13104
> UBIFS error (pid 0): ubifs_iget: failed to read inode 1, error -22
> Error reading superblock on volume 'ubi:rootfs'!
>
> fs/ubifs/super.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
> index 63b2164..20fb244 100644
> --- a/fs/ubifs/super.c
> +++ b/fs/ubifs/super.c
> @@ -848,8 +848,10 @@ void ubifs_umount(struct ubifs_info *c)
> ubifs_debugging_exit(c);
>
> /* Finally free U-Boot's global copy of superblock */
> - free(ubifs_sb->s_fs_info);
> - free(ubifs_sb);
> + if (ubifs_sb != null) {
> + free(ubifs_sb->s_fs_info);
> + free(ubifs_sb);
> + }
Which statement is problem? Basically free() check the null address.
so If ubifs_sb->s_fs_info doesn't have value its skipped. and ubifs_sb
is similar.
Thank you,
Kyungmin Park
> }
>
> /**
> --
> 1.7.4.1
>
>
More information about the U-Boot
mailing list