From owner-freebsd-current Thu Mar 7 16:38:53 1996
Date: Thu, 7 Mar 1996 16:32:11 -0800 (PST)
From: "Brian N. Handy"
To: Bruce Evans
Cc: current@FreeBSD.ORG, mark@linus.demon.co.uk
Subject: Re: reproducible fatal trap 12
In-Reply-To: <199603071953.GAA05727@godzilla.zeta.org.au>

[...]
> This is easy to reproduce and seems to be a bug in cd9660_readdir(). An
> invalid directory entry is accessed one statement before the check that
> finds it to be invalid. My fix delays the access and some other access
> until the reclen and namlen checks are done. Apparently it is OK to
> access the parts of the directory entry containing the reclen and the
> namlen, although there is no such thing as a partial struct in C.
>
> Skipping the faulting instruction in ddb happens to work safely. For
> some reason the bug wasn't reproducible after that (even after switching
> to another cdrom and back).

I patched this into my system and it seems to work here. (I being the
originator of the "Page Fault" thread.) I'll exercise it for a while and
see if I have any problems.

Thanks!

Brian
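
The ordering described in the quoted analysis (finish the reclen and namlen checks before touching the rest of a directory entry), as an added user-space example; it is not part of the original message and not the FreeBSD cd9660 code. The names parse_dirrec, rec_view and make_sample are hypothetical, the offsets follow the ISO 9660 directory record layout, and this version also bounds reclen against the block before reading namlen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIRREC_FIXED 33   /* bytes before the file identifier (ISO 9660) */
#define OFF_NAMLEN   32   /* offset of the identifier-length byte */

struct rec_view {         /* hypothetical result type for this example */
    uint32_t extent;      /* little-endian copy of the extent location */
    uint8_t namlen;
    const uint8_t *name;
};

/* Returns the record length (>0), 0 at zero padding, -1 if invalid. */
int parse_dirrec(const uint8_t *blk, size_t blklen, size_t off, struct rec_view *out)
{
    if (off >= blklen) return -1;
    uint8_t reclen = blk[off];               /* only byte known to be in bounds */
    if (reclen == 0) return 0;               /* rest of the block is padding */
    if (reclen < DIRREC_FIXED || (size_t)reclen > blklen - off)
        return -1;                           /* fixed part would leave the block */
    uint8_t namlen = blk[off + OFF_NAMLEN];  /* in bounds: reclen >= 33 */
    if ((size_t)DIRREC_FIXED + namlen > reclen)
        return -1;                           /* name would overrun the record */
    const uint8_t *r = blk + off;            /* checks done: read the rest */
    out->extent = (uint32_t)r[2] | (uint32_t)r[3] << 8 |
                  (uint32_t)r[4] << 16 | (uint32_t)r[5] << 24;
    out->namlen = namlen;
    out->name = r + DIRREC_FIXED;
    return reclen;
}

/* Constructed sample: one valid 40-byte record named "A.TXT;1", then a
 * record claiming 200 bytes although only 24 remain in the block. */
size_t make_sample(uint8_t blk[64])
{
    memset(blk, 0, 64);
    blk[0] = 40; blk[2] = 0x1c; blk[OFF_NAMLEN] = 7;
    memcpy(blk + DIRREC_FIXED, "A.TXT;1", 7);
    blk[40] = 200;
    return 64;
}

int main(void)
{
    uint8_t blk[64]; struct rec_view v; int n;
    size_t off = 0, len = make_sample(blk);
    while ((n = parse_dirrec(blk, len, off, &v)) > 0) {
        printf("%.*s extent=%u\n", v.namlen, (const char *)v.name, (unsigned)v.extent);
        off += (size_t)n;
    }
    printf("stopped at offset %zu, result %d\n", off, n);
    return 0;
}
```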