
MFS using NULL handle

Question asked by Adrian Rockall on Jan 27, 2017
Latest reply on Jan 30, 2017 by Adrian Rockall

I have found a bug in MFS_Open_file in the mfs_open.c file. A snippet of the code is shown below:

            /* Lookup entry  with the requested name in the directory */
            error_code = MFS_scan_dir_chain(drive_ptr, &dir_chain, entry_name, &dir_entry, &entry_sector, &entry_index, NULL);
            if (error_code == MFS_NO_ERROR)
            {
                /* Check if it is a regular file and verify permissions */
                if (dir_entry.ATTRIBUTE[0] & (MFS_ATTR_DIR_NAME | MFS_ATTR_VOLUME_NAME))
                {
                    error_code = MFS_ACCESS_DENIED;
                }
                else if ((dir_entry.ATTRIBUTE[0] & MFS_ATTR_READ_ONLY) && ((fsflags & MFS_O_ACCMODE) != MFS_O_RDONLY))
                {
                    error_code = MFS_ACCESS_DENIED;
                }
                else
                {
                    MFS_HANDLE_PTR existing_handle;
                    /* Check to see if the file is already opened */
                    existing_handle = MFS_Find_handle_new(drive_ptr, entry_sector, entry_index);
                    /* Create new handle possibly associating it with the existing one */
                    handle = MFS_Create_handle(drive_ptr, existing_handle);
                    if (handle == NULL)
                    {
                        error_code = MFS_INSUFFICIENT_MEMORY;
                    }
                    /* Fill in data in the directory entry, unless it was associated with an existing handle (i.e. already filled in) */
                    if (existing_handle == NULL)
                    {
                        MFS_dir_entry_from_disk(drive_ptr, handle->DIR_ENTRY, &dir_entry);
                        handle->DIR_ENTRY->ENTRY_SECTOR = entry_sector;
                        handle->DIR_ENTRY->ENTRY_INDEX = entry_index;
                        handle->DIR_ENTRY->DIRTY = 0;
                    }
                }
            }
        }


The problem is that if handle comes back as NULL from MFS_Create_handle, the error_code is set but the NULL handle is still used in the call to MFS_dir_entry_from_disk. This will then generate a bus fault.


I think that putting MFS_dir_entry_from_disk in an else block should solve this:


                    /* Create new handle possibly associating it with the existing one */
                    handle = MFS_Create_handle(drive_ptr, existing_handle);
                    if (handle == NULL)
                    {
                        error_code = MFS_INSUFFICIENT_MEMORY;
                    }
                    else
                    {
                        /* Fill in data in the directory entry, unless it was associated with an existing handle (i.e. already filled in) */
                        if (existing_handle == NULL)
                        {
                            MFS_dir_entry_from_disk(drive_ptr, handle->DIR_ENTRY, &dir_entry);
                            handle->DIR_ENTRY->ENTRY_SECTOR = entry_sector;
                            handle->DIR_ENTRY->ENTRY_INDEX = entry_index;
                            handle->DIR_ENTRY->DIRTY = 0;
                        }
                    }


Hope it helps
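As an added example (not code from the post above and not the MFS sources), here is a self-contained C model of the corrected open path with a pluggable handle allocator, so the out-of-memory branch that triggers the bus fault can be exercised on a host without an MFS build. The constants, struct layouts and the names create_handle_ok, create_handle_fail, open_file_fixed and close_handle are all assumptions standing in for the real MFS definitions; the sector/index values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the MFS constants and structures (assumption:
 * the real definitions live in the MFS headers and differ in detail). */
#define MFS_NO_ERROR            0
#define MFS_INSUFFICIENT_MEMORY 1

typedef struct {
    uint32_t ENTRY_SECTOR;
    uint32_t ENTRY_INDEX;
    int      DIRTY;
} DIR_ENTRY_T;

typedef struct MFS_HANDLE {
    DIR_ENTRY_T *DIR_ENTRY;   /* shared by handles that refer to the same file */
} MFS_HANDLE_T, *MFS_HANDLE_PTR;

/* Result of the directory scan (models entry_sector / entry_index). */
typedef struct {
    uint32_t sector;
    uint32_t index;
} SCAN_RESULT_T;

/* Allocator hook: lets a test inject the out-of-memory condition in which
 * the real MFS_Create_handle returns NULL. */
typedef MFS_HANDLE_PTR (*create_handle_fn)(MFS_HANDLE_PTR existing_handle);

/* Normal allocator: a new handle either shares the directory entry of an
 * already-open handle for the same file or gets a fresh, unfilled one. */
MFS_HANDLE_PTR create_handle_ok(MFS_HANDLE_PTR existing_handle)
{
    MFS_HANDLE_PTR h = calloc(1, sizeof *h);
    if (h == NULL) {
        return NULL;
    }
    if (existing_handle != NULL) {
        h->DIR_ENTRY = existing_handle->DIR_ENTRY;
    } else {
        h->DIR_ENTRY = calloc(1, sizeof *h->DIR_ENTRY);
        if (h->DIR_ENTRY == NULL) {
            free(h);
            return NULL;
        }
    }
    return h;
}

/* Fault-injecting allocator: always reports out of memory. */
MFS_HANDLE_PTR create_handle_fail(MFS_HANDLE_PTR existing_handle)
{
    (void)existing_handle;
    return NULL;
}

/* The corrected control flow from the post: the directory entry is filled
 * in only inside the else branch, so a NULL handle is never dereferenced. */
int open_file_fixed(create_handle_fn create, MFS_HANDLE_PTR existing_handle,
                    const SCAN_RESULT_T *scanned, MFS_HANDLE_PTR *handle_out)
{
    int error_code = MFS_NO_ERROR;
    MFS_HANDLE_PTR handle = create(existing_handle);

    if (handle == NULL) {
        error_code = MFS_INSUFFICIENT_MEMORY;
    } else {
        /* Fill in the entry unless it is shared with (and already filled
         * by) an existing handle for the same file. */
        if (existing_handle == NULL) {
            handle->DIR_ENTRY->ENTRY_SECTOR = scanned->sector;
            handle->DIR_ENTRY->ENTRY_INDEX  = scanned->index;
            handle->DIR_ENTRY->DIRTY        = 0;
        }
    }
    *handle_out = handle;
    return error_code;
}

/* Release a handle; only the first (owning) handle frees the shared entry. */
void close_handle(MFS_HANDLE_PTR handle, int owns_dir_entry)
{
    if (handle == NULL) {
        return;
    }
    if (owns_dir_entry) {
        free(handle->DIR_ENTRY);
    }
    free(handle);
}

int main(void)
{
    SCAN_RESULT_T scanned = { 42, 3 };   /* constructed sector/index */
    MFS_HANDLE_PTR failed = NULL, first = NULL, second = NULL;

    /* Allocation failure: error reported, nothing dereferenced, handle NULL. */
    int rc = open_file_fixed(create_handle_fail, NULL, &scanned, &failed);
    printf("oom open: rc=%d handle=%p\n", rc, (void *)failed);

    /* Normal open fills the entry; a second open of the same file shares it. */
    open_file_fixed(create_handle_ok, NULL, &scanned, &first);
    open_file_fixed(create_handle_ok, first, &scanned, &second);
    printf("shared entry: %s\n", first->DIR_ENTRY == second->DIR_ENTRY ? "yes" : "no");

    close_handle(second, 0);
    close_handle(first, 1);
    return 0;
}
```

The allocator hook is the point of the model: the original bug only shows up when MFS_Create_handle fails, which is hard to provoke on a target, so the fault-injecting allocator makes the NULL path a routine test case rather than a field crash.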
