Print this page
6638 ::pfiles walks out of bounds on array of vnode types

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/mdb/common/modules/genunix/vfs.c
          +++ new/usr/src/cmd/mdb/common/modules/genunix/vfs.c
↓ open down ↓ 520 lines elided ↑ open up ↑
 521  521                  strcpy(path, path + 7);
 522  522  
 523  523          if (strncmp("/dev/pts/../../devices/", path,
 524  524              strlen("/dev/pts/../../devices/")) == 0)
 525  525                  strcpy(path, path + 14);
 526  526  
 527  527          return (0);
 528  528  }
 529  529  
 530  530  const struct fs_type {
 531      -        int type;
      531 +        vtype_t type;
 532  532          const char *name;
 533  533  } fs_types[] = {
 534  534          { VNON,   "NON" },
 535  535          { VREG,   "REG" },
 536  536          { VDIR,   "DIR" },
 537  537          { VBLK,   "BLK" },
 538  538          { VCHR,   "CHR" },
 539  539          { VLNK,   "LNK" },
 540  540          { VFIFO,  "FIFO" },
 541  541          { VDOOR,  "DOOR" },
↓ open down ↓ 398 lines elided ↑ open up ↑
 940  940          }
 941  941  
 942  942          top_vnodep = realvpp = (uintptr_t)f->f_vnode;
 943  943  
 944  944          if (mdb_vread(&v, sizeof (v), realvpp) == -1) {
 945  945                  mdb_warn("failed to read vnode");
 946  946                  return (DCMD_ERR);
 947  947          }
 948  948  
 949  949          type = "?";
 950      -        for (i = 0; i <= NUM_FS_TYPES; i++) {
 951      -                if (fs_types[i].type == v.v_type)
      950 +        for (i = 0; i < NUM_FS_TYPES; i++) {
      951 +                if (fs_types[i].type == v.v_type) {
 952  952                          type = fs_types[i].name;
      953 +                        break;
      954 +                }
 953  955          }
 954  956  
 955  957          do {
 956  958                  uintptr_t next_realvpp;
 957  959  
 958  960                  err = next_realvp(realvpp, &layer_vn, &next_realvpp);
 959  961                  if (next_realvpp != NULL)
 960  962                          realvpp = next_realvpp;
 961  963  
 962  964          } while (err == REALVP_CONTINUE);
↓ open down ↓ 229 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX