From skywizard@TOMOYO.MyBSD.ORG.MY  Tue Jun 24 12:47:22 2003
Return-Path: <skywizard@TOMOYO.MyBSD.ORG.MY>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 37DDB37B404; Tue, 24 Jun 2003 12:47:22 -0700 (PDT)
Received: from TOMOYO.MyBSD.ORG.MY (router.ded2.com [202.157.183.149])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 7189143F93; Tue, 24 Jun 2003 12:47:20 -0700 (PDT)
	(envelope-from skywizard@TOMOYO.MyBSD.ORG.MY)
Received: from TOMOYO.MyBSD.ORG.MY (localhost [127.0.0.1])
	by TOMOYO.MyBSD.ORG.MY (8.12.9/8.12.3) with ESMTP id h5OJnMBe062643;
	Wed, 25 Jun 2003 03:49:22 +0800 (MYT)
	(envelope-from skywizard@TOMOYO.MyBSD.ORG.MY)
Received: (from skywizard@localhost)
	by TOMOYO.MyBSD.ORG.MY (8.12.9/8.12.3/Submit) id h5OJnMH4062642;
	Wed, 25 Jun 2003 03:49:22 +0800 (MYT)
Message-Id: <200306241949.h5OJnMH4062642@TOMOYO.MyBSD.ORG.MY>
Date: Wed, 25 Jun 2003 03:49:22 +0800 (MYT)
From: skywizard@MyBSD.org.my
Reply-To: skywizard@MyBSD.org.my
To: FreeBSD-gnats-submit@freebsd.org
Cc: freebsd-fs@freebsd.org, freebsd-stable@freebsd.org,
	freebsd-current@freebsd.org
Subject: truncate operation on fat32 may corrupt the file system
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         53695
>Category:       kern
>Synopsis:       truncate operation on fat32 may corrupt the file system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    trhodes
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 24 12:50:19 PDT 2003
>Closed-Date:    Wed Jul 09 11:41:46 PDT 2003
>Last-Modified:  Wed Jul 09 11:41:46 PDT 2003
>Originator:     Ariff Abdullah
>Release:        FreeBSD 4.7-RELEASE i386
>Organization:
MyBSD
>Environment:
System: 4.7-RELEASE, 5.1-RELEASE (GENERIC)


>Description:
	Truncate operation involving truncate() or ftruncate() on
	FAT32 mounted as msdos either failed or silently corrupting
	the file or even worse, corrupting the neighbour file reiside
	in the same partition/file system.

>How-To-Repeat:
	# cd /to/fat32/partition/
	# dd if=/dev/zero of=XX bs=4099 count=1
	# truncate -s 4097 XX
	truncate: XX: Argument list too long

	errno E2BIG

>Fix:
--- /usr/src/sys/msdosfs/msdosfs_denode.c.orig	Tue Jun 24 06:01:09 2003
+++ /usr/src/sys/msdosfs/msdosfs_denode.c	Tue Jun 24 05:53:41 2003
@@ -501,26 +501,19 @@
 			bn = cntobn(pmp, eofentry);
 			error = bread(pmp->pm_devvp, bn, pmp->pm_bpcluster,
 			    NOCRED, &bp);
-		} else {
-			bn = de_blk(pmp, length);
-			error = bread(DETOV(dep), bn, pmp->pm_bpcluster,
-			    NOCRED, &bp);
-		}
-		if (error) {
-			brelse(bp);
+			if (error) {
+				brelse(bp);
 #ifdef MSDOSFS_DEBUG
-			printf("detrunc(): bread fails %d\n", error);
+				printf("detrunc(): bread fails %d\n", error);
 #endif
-			return (error);
+				return (error);
+			}
+			bzero(bp->b_data + boff, pmp->pm_bpcluster - boff);
+			if (flags & IO_SYNC)
+				bwrite(bp);
+			else
+				bdwrite(bp);
 		}
-		/*
-		 * is this the right place for it?
-		 */
-		bzero(bp->b_data + boff, pmp->pm_bpcluster - boff);
-		if (flags & IO_SYNC)
-			bwrite(bp);
-		else
-			bdwrite(bp);
 	}
 
 	/*


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->trhodes 
Responsible-Changed-By: trhodes 
Responsible-Changed-When: Fri Jun 27 07:57:30 PDT 2003 
Responsible-Changed-Why:  
Over to me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=53695 
State-Changed-From-To: open->patched 
State-Changed-By: trhodes 
State-Changed-When: Fri Jun 27 08:49:32 PDT 2003 
State-Changed-Why:  
Patched.  MFC in three days, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=53695 
State-Changed-From-To: patched->closed 
State-Changed-By: trhodes 
State-Changed-When: Wed Jul 9 11:41:26 PDT 2003 
State-Changed-Why:  
MFC complete, thanks for the submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=53695 
>Unformatted:
