Today's^W Yesterday's bug.

T'was caused by filling a file hole. For example:

	pwrite(fd, "Thrunge\n", 8, 0);
	pwrite(fd, "Wibble\n", 7, 100);
	pwrite(fd, "xx", 2, 50);

On the second pwrite(), a dummy node is generated to represent the hole 
between byte 8 and byte 100 in the file.

On the third pwrite(), jffs_delete_data() attempts to split that node, 
passes the 'new' node to jffs_add_node(), which oopsed because node->fm was 

Could someone with a little more clue about JFFS internals sanity-check my
fix - which is just "Don't call jffs_add_node if node->fm is NULL"?

@@ -1780,7 +1780,12 @@
 			/* A very interesting can of worms.  */
 			n->range_next = new_node;
 			n->data_size = offset - n->data_offset;
+			if (new_node->fm)
+			else {
+				D1(printk(KERN_WARNING "jffs_delete_data(): Splitting an empty node (file hold).\n!"));
+				D1(printk(KERN_WARNING "FIXME: Did dwmw2 do the right thing here?\n"));
+			}
 			n = new_node->range_next;
 			remove_size = 0;
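
Review bot: the `if (new_node->fm)` line has no statement before the `else`, so the hunk as shown will not compile and never makes the call the message says it is guarding (jffs_add_node). The `@@ -1780,7 +1780,12 @@` header also promises 7 old and 12 new lines where only 5 and 10 are visible, so lines appear to have been lost on the way; please resend the complete hunk. In the else branch both messages are wrapped in D1(), so if that macro compiles away outside debug builds the empty-node case is skipped with no trace; an unconditional warning would be safer while the FIXME stands. The first message string should read "file hole" rather than "file hold", and the "!" belongs before the "\n", not after it.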
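
A small regression check for the write pattern at the top of the message, added here as an example and not part of the original post or the JFFS source: it replays the three pwrite() calls on a scratch file and verifies that the data and the still-unwritten hole bytes read back correctly. The function name check_hole_fill and its directory argument are assumptions; pass a directory on the filesystem under test.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Replays the three writes from the message on a scratch file in dir
 * (hypothetical parameter), then checks what reads back.
 * Returns 0 on success, 1..4 for the check that failed, -1 on I/O error. */
int check_hole_fill(const char *dir)
{
    char path[4096];
    unsigned char buf[107];          /* file ends at offset 100 + 7 */
    int fd, rc = 0;
    size_t i;

    snprintf(path, sizeof(path), "%s/holefill-XXXXXX", dir);
    fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                    /* scratch file vanishes on close */

    if (pwrite(fd, "Thrunge\n", 8, 0) != 8 ||
        pwrite(fd, "Wibble\n", 7, 100) != 7 ||  /* leaves a hole at 8..99 */
        pwrite(fd, "xx", 2, 50) != 2 ||         /* lands inside the hole */
        pread(fd, buf, sizeof(buf), 0) != (ssize_t)sizeof(buf)) {
        close(fd);
        return -1;
    }
    close(fd);

    if (memcmp(buf, "Thrunge\n", 8) != 0) rc = 1;
    else if (memcmp(buf + 50, "xx", 2) != 0) rc = 2;
    else if (memcmp(buf + 100, "Wibble\n", 7) != 0) rc = 3;
    /* Every hole byte not covered by the third write must read as zero. */
    for (i = 8; rc == 0 && i < 100; i++)
        if (i != 50 && i != 51 && buf[i] != 0) rc = 4;
    return rc;
}

int main(void)
{
    int rc = check_hole_fill("/tmp");
    printf("hole-fill check: %s (%d)\n", rc ? "FAILED" : "ok", rc);
    return rc != 0;
}
```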