From iedowse@maths.tcd.ie  Wed May  7 04:01:58 1997
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id EAA16821
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 7 May 1997 04:01:56 -0700 (PDT)
Received: by salmon.maths.tcd.ie  with Delay channel id aa11884;
          7 May 97 12:01 +0100
Message-Id: <9705071156.aa11366@salmon.maths.tcd.ie>
Date: Wed, 7 May 97 11:56:33 +0100
From: iedowse@maths.tcd.ie
Sender: iedowse@maths.tcd.ie
Reply-To: iedowse@maths.tcd.ie
To: FreeBSD-gnats-submit@freebsd.org
Subject: fsck fails to detect some illegal block numbers
X-Send-Pr-Version: 3.2

>Number:         3528
>Category:       bin
>Synopsis:       fsck fails to detect some illegal block numbers
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May  7 04:10:01 PDT 1997
>Closed-Date:    Sat Dec 20 16:01:02 PST 1997
>Last-Modified:  Sat Dec 20 16:05:41 PST 1997
>Originator:     Ian Dowse
>Release:        FreeBSD 2.2-STABLE i386
>Organization:
>Environment:

FreeBSD 2.2-STABLE i386

>Description:

fsck fails to detect some illegal block numbers due to an overflow in
chkrange(). A block number of -1 results in the error:

CANNOT SEEK: BLK -1

chkrange(blk,cnt) only checks that (blk+cnt) is within range. This is
not sufficient if the addition causes a wrap-around to the start of the
partition.
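To show the wrap-around concretely, here is a constructed model of the check (added example, not fsck's own code): the original test, the PR's test, and a hardened form that compares cnt against the room remaining below maxfsblock instead of forming blk + cnt at all. It assumes a signed int block number, cnt blocks starting at blk, and that maxfsblock is one more than the largest valid block, as the audit trail below states; the filesystem size and test cases are made up.

```c
#include <stdio.h>

/* Constructed model of fsck's chkrange(), not the fsck source. Assumes a
 * signed int block number, cnt blocks starting at blk, and maxfsblock one
 * more than the largest valid block (as the audit trail states). */
static unsigned maxfsblock = 1000u;   /* constructed filesystem size */

/* Original check: only the end of the range is tested, so a negative blk
 * whose sum with cnt wraps to a small value is accepted. */
int chkrange_old(int blk, int cnt)
{
    return (unsigned)(blk + cnt) > maxfsblock;
}

/* The PR's check: rejects negative blk (huge as unsigned), but lets
 * blk == maxfsblock through the start test (the audit trail's off-by-one). */
int chkrange_pr(int blk, int cnt)
{
    return (unsigned)blk > maxfsblock || (unsigned)(blk + cnt) > maxfsblock;
}

/* Hardened check (my formulation, not the rev. 1.12 fix): reject a start at
 * or past maxfsblock, then compare cnt with the room that remains instead
 * of forming blk + cnt, so nothing can wrap; a negative cnt becomes a huge
 * unsigned value and is rejected as well. */
int chkrange_fixed(int blk, int cnt)
{
    if ((unsigned)blk >= maxfsblock)
        return 1;
    return (unsigned)cnt > maxfsblock - (unsigned)blk;
}

int main(void)
{
    struct { int blk, cnt; } cases[] = {
        { -1, 1 },      /* the PR's case: blk + cnt wraps to 0 */
        { -5, 8 },      /* wraps to 3, still "inside" the filesystem */
        { 999, 1 },     /* last valid block: legal in every version */
        { 1000, 0 },    /* start exactly at maxfsblock */
        { 500, -500 },  /* negative count: sum wraps back to 0 */
    };
    for (unsigned i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("blk=%5d cnt=%5d old=%d pr=%d fixed=%d\n",
               cases[i].blk, cases[i].cnt,
               chkrange_old(cases[i].blk, cases[i].cnt),
               chkrange_pr(cases[i].blk, cases[i].cnt),
               chkrange_fixed(cases[i].blk, cases[i].cnt));
    return 0;
}
```

A return of 1 means the range is rejected; the first two rows show the original check accepting block numbers that lie before the start of the partition.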


>How-To-Repeat:

Create an inode which has -1 as one of its block numbers, and run fsck
on the partition.

>Fix:

--- src/sbin/fsck/inode.c.old	Wed May  7 10:05:13 1997
+++ src/sbin/fsck/inode.c	Wed May  7 10:51:36 1997
@@ -234,7 +234,7 @@
 {
 	register int c;
 
-	if ((unsigned)(blk + cnt) > maxfsblock)
+	if ((unsigned)blk > maxfsblock || (unsigned)(blk + cnt) > maxfsblock)
 		return (1);
 	c = dtog(&sblock, blk);
 	if (blk < cgdmin(&sblock, c)) {
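Review bot: The new start-of-range term `(unsigned)blk > maxfsblock` is off by one: maxfsblock is one more than the largest valid block (as the audit trail records), so blk == maxfsblock passes the start test and is only rejected when the end test happens to catch it; it should read `(unsigned)blk >= maxfsblock`. The added term does close the reported case, since a negative blk cast to unsigned exceeds maxfsblock, but the second term still forms `blk + cnt` in signed arithmetic before casting, so a comparison of cnt against `maxfsblock - blk` (after the start check) would rule out any wrap rather than only the negative-blk one.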
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: bde
State-Changed-When: Sat Dec 20 16:01:02 PST 1997
State-Changed-Why:
A different version of the fix was committed in rev.1.12 of
fsck/inode.c.  Note that the fix in the PR has an off by 1
error (maxfsblock is actually one more than the maximum).
>Unformatted:
