From 43119193ef0f3fef6bc01a391ccda8a97cfc149c Mon Sep 17 00:00:00 2001 From: Christian Mauderer Date: Mon, 4 Apr 2022 15:17:56 +0200 Subject: imfs: Fix index underrun when extending empty file Currently the following sequence causes a endless loop when extending an IMFS file: - Create a file with zero length and close it. - Make sure nearly no allocatable memory is left. - Open the file and write enough data into it that more than the remaining memory will be used. In that case when extending the IMFS file, the file currently need zero blocks. If allocating enough new blocks fails, the already allocated new blocks will be freed again. The comparison of block>=old_blocks that has been used prior to this patch compared two unsigned numbers. If old_blocks was zero, the comparison of these two numbers always evaluated to true. This patch frees the last block in a separate step to avoid this problem. Fixes #4639 --- cpukit/libfs/src/imfs/imfs_memfile.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cpukit/libfs/src') diff --git a/cpukit/libfs/src/imfs/imfs_memfile.c b/cpukit/libfs/src/imfs/imfs_memfile.c index 23c7192717..769a570ecf 100644 --- a/cpukit/libfs/src/imfs/imfs_memfile.c +++ b/cpukit/libfs/src/imfs/imfs_memfile.c @@ -208,9 +208,10 @@ static int IMFS_memfile_extend( offset = 0; } } else { - for ( ; block>=old_blocks ; block-- ) { + for ( ; block>old_blocks ; block-- ) { IMFS_memfile_remove_block( memfile, block ); } + IMFS_memfile_remove_block( memfile, old_blocks ); rtems_set_errno_and_return_minus_one( ENOSPC ); } } -- cgit v1.2.3
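Review bot: The added `IMFS_memfile_remove_block( memfile, old_blocks );` after the loop carries no comment saying why the last block is freed outside the loop, so a later cleanup could fold it back into a `block>=old_blocks` condition and bring the wraparound back. A short comment at that line, stating that `block` and `old_blocks` are unsigned and that `old_blocks` can be zero, would keep the reason next to the code instead of only in the commit message. The call is also unconditional: when `block` already equals `old_blocks` on entry to the cleanup, the loop body never runs and the block at `old_blocks` is still removed. That matches what the old `>=` loop did, but it is worth confirming that `IMFS_memfile_remove_block` is safe for an index whose block was never added. The patch changes only imfs_memfile.c; a test for the sequence in the commit message (zero-length file, almost no allocatable memory, a write larger than the remaining memory) that expects ENOSPC would guard against a regression.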