diff options
authorChristian Mauderer <>2022-04-04 15:17:56 +0200
committerChristian Mauderer <>2022-04-07 10:45:12 +0200
commit051778e9d602c2801d8100b0c9583c3d6b75310a (patch)
parentbsps/sparc: Fix global construction/destruction (diff)
imfs: Fix index underrun when extending empty file4.11
Currently the following sequence causes a endless loop when extending an IMFS file: - Create a file with zero length and close it. - Make sure nearly no allocatable memory is left. - Open the file and write enough data into it that more than the remaining memory will be used. In that case when extending the IMFS file, the file currently need zero blocks. If allocating enough new blocks fails, the already allocated new blocks will be freed again. The comparison of block>=old_blocks that has been used prior to this patch compared two unsigned numbers. If old_blocks was zero, the comparison of these two numbers always evaluated to true. This patch frees the last block in a separate step to avoid this problem. Note: This patch is a backport of 43119193ef0f3fef6bc01a391ccda8a97cfc149c from RTEMS master. It only contains the bugfix. Adding a test case has been skipped because that part of the patch didn't apply without problems and is not really relevant for fixing the bug. Fixes #2353
1 files changed, 2 insertions, 1 deletions
diff --git a/cpukit/libfs/src/imfs/imfs_memfile.c b/cpukit/libfs/src/imfs/imfs_memfile.c
index 2b6a49698a..35d456ab2b 100644
--- a/cpukit/libfs/src/imfs/imfs_memfile.c
+++ b/cpukit/libfs/src/imfs/imfs_memfile.c
@@ -188,9 +188,10 @@ static int IMFS_memfile_extend(
offset = 0;
} else {
- for ( ; block>=old_blocks ; block-- ) {
+ for ( ; block>old_blocks ; block-- ) {
IMFS_memfile_remove_block( memfile, block );
+ IMFS_memfile_remove_block( memfile, old_blocks );
rtems_set_errno_and_return_minus_one( ENOSPC );