Re: iso9660 in 1.3.6

roro (rossius@hrz.tu-chemnitz.de)
Wed, 5 Jul 1995 18:49:55 +0200 (MET DST)


Hi,

On Wed, 5 Jul 1995, Eric Youngdale wrote:

> I was looking over the patch that you submitted, and I am having
> trouble seeing why this patch corrects a corrupt directory listing problem.
> It appears to me that the existing code should have been able to treat the
> case you are dealing with, and I am wondering if you can provide me with
> more information. I am aware that something like this patch is probably
> needed because we will be accessing beyond the end of the buffer (and hence
> into some other unrelated page of memory), so some fix is required, but I
> would like to understand this some more.
>
> Could you tell me why this section of code:
>
> /* Make sure that the entire directory record is in the
>    current bh block.
>    If not, put the two halves together in "tmpde" */
> next_offset = offset + de_len;

Here we can get (it happens sometimes)
"next_offset == bufsize"
becoming true, and then this block is skipped.

> if (next_offset > bufsize) {
>         next_offset &= (bufsize - 1);
>         memcpy(tmpde, de, bufsize - offset);
>         brelse(bh);
>         block = isofs_bmap(inode, (filp->f_pos + de_len) >>
>                            bufbits);
>         if (!block)
>                 return 0;
>         bh = breada(inode->i_dev, block, bufsize,
>                     filp->f_pos+de_len, inode->i_size);
>         if (!bh)
>                 return 0;
>         memcpy(bufsize - offset + (char *) tmpde,
>                bh->b_data, next_offset);
>         de = tmpde;
> }
> offset = next_offset;

The next round of

while (filp->f_pos < inode->i_size) {
        int de_len, next_offset;
#ifdef DEBUG
        printk("Block, offset, f_pos: %x %x %x\n",
               block, offset, filp->f_pos);
#endif
        de = (struct iso_directory_record *) (bh->b_data + offset);
        inode_number = (block << bufbits) + (offset & (bufsize - 1));
                                             ^^^^^^^^^^^^^^^^^^^^^^
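The boundary case the message describes, as an added user-space model (this is not the kernel's isofs code and not the patch under discussion; it is a simulation written for this page). It reproduces the quoted loop's arithmetic over a constructed two-block directory: with the original `>` comparison, a record that ends exactly at the block edge leaves `offset == bufsize`, so the next iteration would read `bh->b_data + bufsize` (past the buffer) and the masked offset wraps to 0, giving the inode number of the previous block's first record. The `>=` variant is an assumption about what a fix looks like, since the submitted patch itself is not shown in the message; `SIM_BUFSIZE`, `SIM_BUFBITS`, the record lengths and all function names are constructed for the simulation.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the readdir loop quoted above: no buffer heads, no
 * CD image. SIM_BUFSIZE is a small power of two so the (bufsize - 1) masks
 * behave exactly as they do for a real block size. */
#define SIM_BUFSIZE 512
#define SIM_BUFBITS 9            /* log2(SIM_BUFSIZE) */
#define SIM_BLOCKS  2

struct walk_result {
	int records;      /* directory records visited */
	int oob_reads;    /* iterations that would read bh->b_data + offset with offset == bufsize */
	int stale_inode;  /* inode number computed on such an iteration, or -1 */
	int reassembled;  /* records that were stitched together in tmpde */
};

/* Lay out a constructed directory: each record is its length byte followed
 * by filler; a zero length byte terminates the listing. Returns i_size. */
static int build_dir(unsigned char *dir, const int *lens, int n)
{
	int i, pos = 0;
	memset(dir, 0, SIM_BLOCKS * SIM_BUFSIZE);
	for (i = 0; i < n; i++) {
		dir[pos] = (unsigned char)lens[i];
		memset(dir + pos + 1, 0xAA, lens[i] - 1);
		pos += lens[i];
	}
	return pos;
}

/* strict = 1 uses the quoted '>' test, strict = 0 the assumed '>=' fix. */
static struct walk_result walk_dir(const unsigned char *dir, int i_size, int strict)
{
	struct walk_result r = { 0, 0, -1, 0 };
	unsigned char tmpde[2 * SIM_BUFSIZE];
	const unsigned char *bh = dir;      /* data of the block currently "in bh" */
	int block = 0, offset = 0, f_pos = 0;

	while (f_pos < i_size) {
		const unsigned char *de;
		int de_len, next_offset, inode_number;

		/* Same arithmetic as the kernel: low bits come from the masked offset. */
		inode_number = (block << SIM_BUFBITS) + (offset & (SIM_BUFSIZE - 1));
		if (offset >= SIM_BUFSIZE) {
			/* The kernel would now dereference bh->b_data + bufsize, i.e.
			 * memory outside the buffer; the masked offset has wrapped to 0,
			 * so inode_number collides with the first record of the old block. */
			r.oob_reads++;
			r.stale_inode = inode_number;
			break;
		}
		de = bh + offset;
		de_len = de[0];
		if (de_len == 0)
			break;                      /* end of listing */

		next_offset = offset + de_len;
		if (strict ? (next_offset > SIM_BUFSIZE) : (next_offset >= SIM_BUFSIZE)) {
			/* Record crosses (or, with >=, exactly reaches) the block end:
			 * join the two halves in tmpde and move to the next block. */
			next_offset &= (SIM_BUFSIZE - 1);
			memcpy(tmpde, de, SIM_BUFSIZE - offset);
			block = (f_pos + de_len) >> SIM_BUFBITS;
			bh = dir + block * SIM_BUFSIZE;
			memcpy(tmpde + (SIM_BUFSIZE - offset), bh, next_offset);
			de = tmpde;
			r.reassembled++;
		}
		if (de[0] != de_len)                /* a reassembled record keeps its length byte */
			break;
		offset = next_offset;
		f_pos += de_len;
		r.records++;
	}
	return r;
}

/* straddle = 0: third record ends exactly at byte 512 (the case in the message);
 * straddle = 1: third record runs 38 bytes into block 1 (the case the code handles). */
static struct walk_result simulate(int straddle, int strict)
{
	static const int exact[]    = { 200, 200, 112, 100 };
	static const int crossing[] = { 200, 200, 150,  60 };
	unsigned char dir[SIM_BLOCKS * SIM_BUFSIZE];
	int i_size = build_dir(dir, straddle ? crossing : exact, 4);
	return walk_dir(dir, i_size, strict);
}

int main(void)
{
	static const char *names[] = { "ends at block boundary", "straddles boundary" };
	int c, s;
	for (c = 0; c < 2; c++)
		for (s = 1; s >= 0; s--) {
			struct walk_result r = simulate(c, s);
			printf("%-22s with '%s': records=%d oob=%d reassembled=%d stale_inode=%d\n",
			       names[c], s ? ">" : ">=", r.records, r.oob_reads,
			       r.reassembled, r.stale_inode);
		}
	return 0;
}
```

With `>` the exact-boundary layout stops after three records with an out-of-bounds read flagged and a stale inode number of 0 (the same value the first record got); with `>=` the boundary record is routed through `tmpde`, the second half copy has length 0, and all four records are visited. The straddling layout behaves the same under both comparisons, which is why the bug only shows up on directories whose record lengths happen to sum to a block boundary.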