"I have found a "nice" bug in namei_ops.c:
In GetFreeTag() the following code was used to find a free place in the
link table entry:
    /* Now find a free column in this row and claim it. */
    coldata = 0x7;
    for (col = 0; col<NAMEI_MAXVOLS; col++) {
        coldata <<= col * 3;
        if ((row & coldata) == 0)
            break;
    }
What happens?
With col == 0 we look for the bits 0x7. This is ok.
With col == 1 we look for the bits 0x38. This is also ok.
With col == 2 we look for the bits 0xe00 instead of 0x1c0 !!!
But later the allocation is done correctly with 0x40.
Thus the next time he will find again a free place for col == 2 !
For higher values of col the test is also incorrect, of course."
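The mask sequence described in the commit message, reproduced as an added example (not part of the original commit or the project's code). The value of `NAMEI_MAXVOLS`, the 32-bit unsigned row type and the helper names `buggy_mask`, `fixed_mask` and `find_free` are assumptions made for illustration; the 0x40 claim value for column 2 comes from the message.

```c
#include <stdint.h>
#include <stdio.h>

#define NAMEI_MAXVOLS 5   /* assumed value for this example */

/* Mask the old loop tests at column `col`: the shift accumulates
 * across iterations (0, 3, 3+6, 3+6+9, ... bits). */
static uint32_t buggy_mask(int col)
{
    uint32_t coldata = 0x7;
    for (int c = 0; c <= col; c++)
        coldata <<= c * 3;
    return coldata;
}

/* Mask tested after the fix: recomputed from scratch for each column. */
static uint32_t fixed_mask(int col)
{
    return (uint32_t)7 << (col * 3);
}

/* First column whose mask bits are all clear in `row`, or -1 if none. */
static int find_free(uint32_t row, uint32_t (*mask)(int))
{
    for (int col = 0; col < NAMEI_MAXVOLS; col++)
        if ((row & mask(col)) == 0)
            return col;
    return -1;
}

int main(void)
{
    /* Constructed row: columns 0, 1 and 2 already claimed with the low
     * bit of their 3-bit field (0x1, 0x8, 0x40). */
    uint32_t row = 0x1 | 0x8 | 0x40;

    for (int col = 0; col < NAMEI_MAXVOLS; col++)
        printf("col %d: old mask 0x%x, fixed mask 0x%x\n", col,
               (unsigned)buggy_mask(col), (unsigned)fixed_mask(col));
    printf("old search picks column %d, fixed search picks column %d\n",
           find_free(row, buggy_mask), find_free(row, fixed_mask));
    return 0;
}
```

With column 2 already claimed, the old search still returns column 2 because it tests 0xe00, while the fixed search moves on to column 3.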
}
/* Now find a free column in this row and claim it. */
- coldata = 0x7;
for (col = 0; col<NAMEI_MAXVOLS; col++) {
- coldata <<= col * 3;
- if ((row & coldata) == 0)
- break;
+ coldata = 7 << (col * 3);
+ if ((row & coldata) == 0)
+ break;
}
if (col >= NAMEI_MAXVOLS)
goto badGetFreeTag;
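Review bot: in the added line `coldata = 7 << (col * 3);` the literal 7 is a signed int, so the shift is evaluated in int whatever the type of coldata or row is; if NAMEI_MAXVOLS * 3 can approach the width of int, the highest columns would shift into or past the sign bit. Suggest an unsigned constant (7u, or a cast to the type of row), plus named constants or a short comment for the 3-bit column width and the 0x7 mask, so that this search and the later allocation mentioned in the commit message are derived from the same definition and cannot drift apart again.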