From 9f426c46e5deb8fbca6ecd86cb1f6b527583d9d6 Mon Sep 17 00:00:00 2001
From: "cantab.net!aia21"
Date: Fri, 13 Dec 2002 14:44:50 +0000
Subject: [PATCH] Fix bug where the call to ntfs_attr_{put,reinit}_search_ctx() would free the extent inode attached to the search context but leave it attached to the base inode, so this would lead to memory corruption and worse problems. Thanks to Szakacsits Szabolcs for spotting this. We now don't close extent inodes any more at all and just leave it to the closing of the base inode to dispose of all the extent inodes.
(Logical change 1.42)
---
ChangeLog | 6 ++++++
libntfs/attrib.c | 10 ++--------
libntfs/inode.c | 3 +++
3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 69d2c8a1..555187b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -154,6 +154,12 @@
 was fixed in the NTFS kernel driver over six months ago but the fix was never taken over to libntfs. (Szakacsits Szabolcs) - Fix stupid bug in ntfs_ucsncmp(). Spotted by Leonard Norrgard.
+ - Fix bug where the call to ntfs_attr_{put,reinit}_search_ctx() would
+ free the extent inode attached to the search context but leave it
+ attached to the base inode, so this would lead to memory corruption
+ and worse problems. Thanks to Szakacsits Szabolcs for spotting this.
+ We now don't close extent inodes any more at all and just leave it
+ to the closing of the base inode to dispose of all the extent inodes.
 12/03/2002 - 1.6.0 - More mkntfs options and cleanups. Fix typo in usage information of mkntfs. Thanks to Richard Russon for
diff --git a/libntfs/attrib.c b/libntfs/attrib.c
index 33c48c8e..865acfd5 100644
--- a/libntfs/attrib.c
+++ b/libntfs/attrib.c
@@ -1786,8 +1786,7 @@ static __inline__ void ntfs_attr_init_search_ctx(ntfs_attr_search_ctx *ctx,
 * ntfs_attr_reinit_search_ctx - reinitialize an attribute search context
 * @ctx: attribute search context to reinitialize
 *
- * Reinitialize the attribute search context @ctx, unmapping an associated
- * extent mft record if present, and initialize the search context again.
+ * Reinitialize the attribute search context @ctx.
 *
 * This is used when a search for a new attribute is being started to reset
 * the search context to the beginning.
@@ -1802,8 +1801,6 @@ void ntfs_attr_reinit_search_ctx(ntfs_attr_search_ctx *ctx)
 le16_to_cpu(ctx->mrec->attrs_offset));
 return;
 } /* Attribute list. */
- if (ctx->ntfs_ino != ctx->base_ntfs_ino)
- ntfs_inode_close(ctx->ntfs_ino);
 ntfs_attr_init_search_ctx(ctx, ctx->base_ntfs_ino, ctx->base_mrec);
 return;
 }
@@ -1839,13 +1836,10 @@ ntfs_attr_search_ctx *ntfs_attr_get_search_ctx(ntfs_inode *ni, MFT_RECORD *mrec)
 * ntfs_attr_put_search_ctx - release an attribute search context
 * @ctx: attribute search context to free
 *
- * Release the attribute search context @ctx, unmapping an associated extent
- * mft record if present.
+ * Release the attribute search context @ctx.
 */
 void ntfs_attr_put_search_ctx(ntfs_attr_search_ctx *ctx)
 {
- if (ctx->base_ntfs_ino && ctx->ntfs_ino != ctx->base_ntfs_ino)
- ntfs_inode_close(ctx->ntfs_ino);
 free(ctx);
 return;
 }
diff --git a/libntfs/inode.c b/libntfs/inode.c
index 7ab0d634..ceb3e22b 100644
--- a/libntfs/inode.c
+++ b/libntfs/inode.c
@@ -235,6 +235,9 @@ int ntfs_inode_close(ntfs_inode *ni)
 * Finally attach the ntfs inode to its base inode @base_ni and return a
 * pointer to the ntfs_inode structure on success or NULL on error, with errno
 * set to the error code.
+ *
+ * Note, extent inodes are never closed directly. They are automatically
+ * disposed off by the closing of the base inode.
 */
 ntfs_inode *ntfs_extent_inode_open(ntfs_inode *base_ni, const MFT_REF mref)
 {
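Review bot: The shortened description on the added `+ * Reinitialize the attribute search context @ctx.` line no longer says what happens to an extent inode the previous search left in ctx->ntfs_ino, which is exactly the ownership rule this commit changes, so a reader who remembers the old comment still expects it to be unmapped here. I would extend it to `* Reinitialize the attribute search context @ctx. An extent inode mapped by the previous search is not closed here; it stays attached to the base inode, which disposes of it when it is closed.`. The function this comment documents begins after the hunk.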
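Review bot: ntfs_attr_put_search_ctx() now only frees the context, and its comment should state the ownership rule that replaced the removed `ntfs_inode_close(ctx->ntfs_ino)` call, otherwise a caller may close the extent inode itself and reintroduce the double free the commit message describes. I would write `* Release the attribute search context @ctx. Extent inodes mapped during the search are not closed here; they stay attached to the base inode and are released when it is closed, so callers must not close them either.`. If I read the commit description correctly, a side effect worth recording is that extent mft records mapped by a search now stay mapped until the base inode is closed rather than until the context is dropped. Also, with the `ctx->base_ntfs_ino` dereference gone, a NULL @ctx is now silently accepted by free(); if that is not meant to be part of the contract, the comment should say @ctx must be non-NULL.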
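Review bot: The added line `+ * disposed off by the closing of the base inode.` has a typo ("disposed of"), and the note is phrased as a description rather than the caller obligation it really is, which matters because passing the returned extent inode to ntfs_inode_close() is precisely the misuse the attrib.c part of this commit removes. I would write `* Note, extent inodes must never be closed directly: do not pass the returned inode to ntfs_inode_close(). They are disposed of when the base inode @base_ni is closed.`. The body of ntfs_extent_inode_open() continues outside the hunk.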