From eff68496e2d8dedfe47e4b711681fe4995cf3abd Mon Sep 17 00:00:00 2001 From: Kirk McKusick Date: Tue, 25 Feb 2014 18:25:27 +0000 Subject: [PATCH] Arguments for malloc and calloc should be size_t, not int. Use proper bounds check when trying to free cached memory. Spotted by: Xin Li Tested by: Dmitry Sivachenko MFC after: 2 weeks --- sbin/fsck_ffs/fsck.h | 4 ++-- sbin/fsck_ffs/fsutil.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/sbin/fsck_ffs/fsck.h b/sbin/fsck_ffs/fsck.h index a7b5961a574d..c0ec65137eb3 100644 --- a/sbin/fsck_ffs/fsck.h +++ b/sbin/fsck_ffs/fsck.h @@ -369,7 +369,7 @@ int flushentry(void); * to get space. */ static inline void* -Malloc(int size) +Malloc(size_t size) { void *retval; @@ -384,7 +384,7 @@ Malloc(int size) * to get space. */ static inline void* -Calloc(int cnt, int size) +Calloc(size_t cnt, size_t size) { void *retval; diff --git a/sbin/fsck_ffs/fsutil.c b/sbin/fsck_ffs/fsutil.c index 4b44fd4ec856..5fe09a0c2dcc 100644 --- a/sbin/fsck_ffs/fsutil.c +++ b/sbin/fsck_ffs/fsutil.c @@ -225,7 +225,7 @@ cgget(int cg) struct cg *cgp; if (cgbufs == NULL) { - cgbufs = Calloc(sblock.fs_ncg, sizeof(struct bufarea)); + cgbufs = calloc(sblock.fs_ncg, sizeof(struct bufarea)); if (cgbufs == NULL) errx(EEXIT, "cannot allocate cylinder group buffers"); } @@ -254,6 +254,8 @@ flushentry(void) { struct bufarea *cgbp; + if (flushtries == sblock.fs_ncg || cgbufs == NULL) + return (0); cgbp = &cgbufs[flushtries++]; if (cgbp->b_un.b_cg == NULL) return (0);