Message-Id: <201303140956.r2E9umKB044235@red.freebsd.org>
Date: Thu, 14 Mar 2013 09:56:48 GMT
From: "r4721@tormail.org" <r4721@tormail.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] fix Floating Exception in recoverdisk
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         176953
>Category:       bin
>Synopsis:       [patch] fix Floating Exception in recoverdisk
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 14 10:00:00 UTC 2013
>Closed-Date:    Thu Jun 06 23:13:10 UTC 2013
>Last-Modified:  Thu Jun 06 23:13:10 UTC 2013
>Originator:     r4721@tormail.org
>Release:        9.1 stable amd64
>Organization:
>Environment:
>Description:
the change to recoverdisk to optionally use stripesize causes Floating Exception.

http://svnweb.freebsd.org/base/stable/9/sbin/recoverdisk/recoverdisk.c?r1=225736&r2=247254&view=patch

pid 96884 (recoverdisk), uid 0: exited on signal 8

sectorsize and stripesize are both defined as u_int (32 bits), but the call to ioctl of DIOCGSTRIPESIZE returns a 64-bit number, overwriting the memory of sectorsize with 0, which is then used in a division, causing a divide by zero error.

attached patch simply increases stripesize to 64 bits.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: sbin/recoverdisk/recoverdisk.c
===================================================================
--- sbin/recoverdisk/recoverdisk.c	(revision 247608)
+++ sbin/recoverdisk/recoverdisk.c	(working copy)
@@ -156,7 +153,7 @@
 	int error, state;
 	u_char *buf;
 	u_int sectorsize;
-	u_int stripesize;
+	u_long stripesize;
 	time_t t1, t2;
 	struct stat sb;
 	u_int n, snapshot = 60;
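
Review bot: "u_long stripesize;" is only 64 bits wide on LP64 targets such as the amd64 system this was reported on; on a 32-bit target it is still 4 bytes, so the 64-bit result described in the report would overrun it there as well. Declare the variable with the type the ioctl's argument is defined as, rather than a type that happens to be wide enough on one architecture (the committed version uses off_t).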


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Thu Mar 14 20:01:21 UTC 2013 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=176953 
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Thu Mar 14 20:06:21 UTC 2013 
State-Changed-Why:  
Patch applied against -HEAD (with change that uses off_t instead 
of u_long).  MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=176953 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/176953: commit references a PR
Date: Thu, 14 Mar 2013 20:06:02 +0000 (UTC)

 Author: delphij
 Date: Thu Mar 14 20:05:49 2013
 New Revision: 248279
 URL: http://svnweb.freebsd.org/changeset/base/248279
 
 Log:
   Correct type for DIOCGSTRIPESIZE.  Without this there
   would be a stack overflow which will crash the program
   later.
   
   PR:		bin/176953
   Submitted by:	r4721 tormail org
   MFC after:	3 days
 
 Modified:
   head/sbin/recoverdisk/recoverdisk.c
 
 Modified: head/sbin/recoverdisk/recoverdisk.c
 ==============================================================================
 --- head/sbin/recoverdisk/recoverdisk.c	Thu Mar 14 19:56:21 2013	(r248278)
 +++ head/sbin/recoverdisk/recoverdisk.c	Thu Mar 14 20:05:49 2013	(r248279)
 @@ -156,7 +156,7 @@ main(int argc, char * const argv[])
  	int error, state;
  	u_char *buf;
  	u_int sectorsize;
 -	u_int stripesize;
 +	off_t stripesize;
  	time_t t1, t2;
  	struct stat sb;
  	u_int n, snapshot = 60;
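
Review bot: with "off_t stripesize;" directly below "u_int sectorsize;", the two variables now differ in both width and signedness, and the hunk does not show how they are combined. Wherever stripesize is compared with sectorsize the u_int operand is converted to off_t, and wherever it is assigned to sectorsize the value is truncated silently, so range-check stripesize (greater than 0 and no larger than UINT_MAX) before it is stored into a u_int.
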
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/176953: commit references a PR
Date: Mon, 18 Mar 2013 20:36:39 +0000 (UTC)

 Author: delphij
 Date: Mon Mar 18 20:36:25 2013
 New Revision: 248474
 URL: http://svnweb.freebsd.org/changeset/base/248474
 
 Log:
   MFC r248279:
   
   Correct type for DIOCGSTRIPESIZE.  Without this there
   would be a stack overflow which will crash the program
   later.
   
   PR:		bin/176953
   Submitted by:	r4721 tormail org
 
 Modified:
   stable/9/sbin/recoverdisk/recoverdisk.c
 Directory Properties:
   stable/9/sbin/recoverdisk/   (props changed)
 
 Modified: stable/9/sbin/recoverdisk/recoverdisk.c
 ==============================================================================
 --- stable/9/sbin/recoverdisk/recoverdisk.c	Mon Mar 18 20:22:40 2013	(r248473)
 +++ stable/9/sbin/recoverdisk/recoverdisk.c	Mon Mar 18 20:36:25 2013	(r248474)
 @@ -156,7 +156,7 @@ main(int argc, char * const argv[])
  	int error, state;
  	u_char *buf;
  	u_int sectorsize;
 -	u_int stripesize;
 +	off_t stripesize;
  	time_t t1, t2;
  	struct stat sb;
  	u_int n, snapshot = 60;
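
Review bot: nothing at the "off_t stripesize;" declaration records why it is off_t while its neighbour stays u_int, so a later cleanup could narrow it again and bring the overwrite back. A one-line comment stating that the type must match the argument type of DIOCGSTRIPESIZE would keep that constraint next to the code it protects.
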
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/176953: commit references a PR
Date: Sat, 23 Mar 2013 07:37:11 +0000 (UTC)

 Author: delphij
 Date: Sat Mar 23 07:36:53 2013
 New Revision: 248638
 URL: http://svnweb.freebsd.org/changeset/base/248638
 
 Log:
   MFC r248279:
   
   Correct type for DIOCGSTRIPESIZE.  Without this there
   would be a stack overflow which will crash the program
   later.
   
   PR:		bin/176953
   Submitted by:	r4721 tormail org
   Approved by:	re (rodrigc)
 
 Modified:
   stable/8/sbin/recoverdisk/recoverdisk.c
 Directory Properties:
   stable/8/sbin/recoverdisk/   (props changed)
 
 Modified: stable/8/sbin/recoverdisk/recoverdisk.c
 ==============================================================================
 --- stable/8/sbin/recoverdisk/recoverdisk.c	Sat Mar 23 07:24:06 2013	(r248637)
 +++ stable/8/sbin/recoverdisk/recoverdisk.c	Sat Mar 23 07:36:53 2013	(r248638)
 @@ -156,7 +156,7 @@ main(int argc, char * const argv[])
  	int error, flags, state;
  	u_char *buf;
  	u_int sectorsize;
 -	u_int stripesize;
 +	off_t stripesize;
  	time_t t1, t2;
  	struct stat sb;
  	u_int n, snapshot = 60;
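
Review bot: "u_int sectorsize;" is left without a zero check even though the report shows it being used as a divisor. Verify that sectorsize is non-zero once it has been obtained and exit with an error message otherwise, so that a zero value from any other source ends in a diagnostic rather than signal 8.
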
 
State-Changed-From-To: patched->closed 
State-Changed-By: nox 
State-Changed-When: Thu Jun 6 23:13:09 UTC 2013 
State-Changed-Why:  
Closed at submitter's request (via irc), fix committed to all branches. 
Thanx! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=176953 
>Unformatted:
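
The overwrite described in the PR's Description, modelled in user space. This is an added example, not code from recoverdisk or from the submitter. The struct layouts, model_get_stripesize() and sectors_in() are hypothetical stand-ins, and the result assumes a little-endian machine such as amd64.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the two locals in main(). A struct fixes the
 * adjacency that the compiler happened to pick on the reporter's build, so
 * the 8-byte store below stays inside one object and is well defined. */
struct locals_before { uint32_t stripesize; uint32_t sectorsize; }; /* u_int, u_int */
struct locals_after  { int64_t  stripesize; uint32_t sectorsize; }; /* off_t, u_int */

/* Hypothetical model of the kernel's copy-out for DIOCGSTRIPESIZE: it always
 * writes 8 bytes, whatever the caller's variable is declared as. */
static void model_get_stripesize(void *arg, int64_t value)
{
	memcpy(arg, &value, sizeof(value));
}

/* Before the fix: the upper half of the 64-bit result lands in sectorsize. */
uint32_t sectorsize_before_fix(int64_t stripe)
{
	struct locals_before l = { 0, 512 };
	model_get_stripesize(&l, stripe);
	return l.sectorsize;
}

/* After the fix: the destination is 8 bytes wide, sectorsize is untouched. */
uint32_t sectorsize_after_fix(int64_t stripe)
{
	struct locals_after l = { 0, 512 };
	model_get_stripesize(&l.stripesize, stripe);
	return l.sectorsize;
}

/* Defensive division: returns -1 instead of raising SIGFPE on a zero divisor. */
int64_t sectors_in(int64_t bytes, uint32_t sectorsize)
{
	return sectorsize == 0 ? -1 : bytes / (int64_t)sectorsize;
}

int main(void)
{
	/* Little-endian: sectorsize was clobbered to 0, so the guard reports -1. */
	if (sectors_in(1 << 20, sectorsize_before_fix(4096)) != -1)
		return 1;
	return sectors_in(1 << 20, sectorsize_after_fix(4096)) == 2048 ? 0 : 1;
}
```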
