From seggers@semyam.dinoco.de  Tue May 26 07:20:58 1998
Received: from tim.xenologics.com (tim.xenologics.com [194.77.5.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA01599
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 May 1998 07:20:55 -0700 (PDT)
          (envelope-from seggers@semyam.dinoco.de)
Received: (from uucp@localhost)
	by tim.xenologics.com (8.8.5/8.8.8) with UUCP id QAA28624
	for FreeBSD-gnats-submit@freebsd.org; Tue, 26 May 1998 16:17:30 +0200 (MET DST)
Received: (from seggers@localhost)
	by semyam.dinoco.de (8.8.8/8.8.8) id LAA09390;
	Tue, 26 May 1998 11:09:57 +0200 (CEST)
	(envelope-from seggers)
Message-Id: <199805260909.LAA09390@semyam.dinoco.de>
Date: Tue, 26 May 1998 11:09:57 +0200 (CEST)
From: Stefan Eggers <seggers@semyam.dinoco.de>
Reply-To: seggers@semyam.dinoco.de
To: FreeBSD-gnats-submit@freebsd.org
Cc: seggers@semyam.dinoco.de
Subject: buggy code in libdisk.a's disk.c
X-Send-Pr-Version: 3.2

>Number:         6759
>Category:       misc
>Synopsis:       buggy code in libdisk.a's disk.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    phk
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 26 07:20:01 PDT 1998
>Closed-Date:    Fri Nov 16 14:57:25 PST 2001
>Last-Modified:  Fri Nov 16 14:57:38 PST 2001
>Originator:     Stefan Eggers
>Release:        FreeBSD 2.2.6-STABLE i386
>Organization:
none
>Environment:

	The FreeBSD 2.2-stable sources.

>Description:

	The file /usr/src/lib/libdisk/disk.c contains a confusing loop
which seems not to do what it is expected to do.  It is this one:

        p = read_block(fd,0);
        dp = (struct dos_partition*)(p+DOSPARTOFF);
        for(i=0;i<NDOSPART;i++) {
                if (dp->dp_start >= size) continue;
                if (dp->dp_start+dp->dp_size >= size) continue;
                if (!dp->dp_size) continue;

                if (dp->dp_typ == DOSPTYP_ONTRACK) {
                        d->flags |= DISK_ON_TRACK;
                        offset = 63;
                }

        }

	This loop just increments i but besides setting d->flags and
offset if the structure pointed to by dp contains DOSPTYP_ONTRACK in
dp_typ it does nothing.  It just works on the same entry NDOSPART
times which can't be right.

	My guess is dp should have either be used as array with i as
index or should have been incremented after each iteration.  Anyway,
something is wrong here.

>How-To-Repeat:

	Take a look at FreeBSD 2.2-release libdisk in file disk.c at
about line 100.

>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->phk 
Responsible-Changed-By: jkh 
Responsible-Changed-When: Tue May 26 10:54:11 PDT 1998 
Responsible-Changed-Why:  
libdisk is phk's baby. 
State-Changed-From-To: open->analyzed 
State-Changed-By: phk 
State-Changed-When: Tue May 26 11:46:29 PDT 1998 
State-Changed-Why:  
This is not a functional problem, the code worked last I tried 
it.  I don't have a Ontracked disk to test with now, so I'm not 
too keen on changing it.  I belive that the ontrack slice is 
always the first anyway. 
State-Changed-From-To: analyzed->closed 
State-Changed-By: phk 
State-Changed-When: Fri Nov 16 14:57:25 PST 2001 
State-Changed-Why:  
timed out 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=6759 
>Unformatted:
