[mtools] mtools floppyd bug report / patch


From: Sebastian Kiesel
Subject: [mtools] mtools floppyd bug report / patch
Date: Sat, 19 Apr 2003 20:39:21 +0200
User-agent: Mutt/1.3.28i

Hi,

I encountered a problem when using floppyd. I tested both the older
version mtools-3.9.6 and the current mtools-3.9.9.

I have floppyd running in daemon mode on my X terminal:
floppyd -d -s 5703 /dev/fd1



# insert floppy disc in drive
$ mdir
... shows floppy directory contents as desired ...

# insert another, physically defective floppy disk
$ mdir
floppyd_io: Input/output error
Broken pipe
... no surprise - floppy is defective ...

# insert the good, previously working floppy again
$ mdir
Permission denied, authentication failed!
Auth failed: Device locked!
Drive 'A:' not supported
Cannot initialize 'A:'

... same error message appears for all subsequent operations ...



Restarting floppyd on the X terminal did not help, 
"Device locked!" message did not go away.


I could trace the problem as follows (line numbers referring to 
floppyd.c as shipped with mtools-3.9.9):

lines 1111 .. 1119 call for the opcode OP_READ the functions
   read_packet(parm, ...)
   send_reply(...)
   send_packet(parm, ...)

in line 356, read_packet assigns parm->len=read( FLOPPY )
If reading from the floppy fails for any reason (e.g., defective
media) parm->len will be assigned -1

send_packet calls buf_write, which in line 189 calls 
memcpy(buf->out_buffer+buf->out_valid, buffer, nbytes);
with nbytes=parm->len



Under error conditions memcpy will be called  memcpy( .. , .. , -1)
which causes the floppyd child process to crash with SIGSEGV
(at least with glibc-2.1.3), leaving the lock file
/tmp/-+dev-+fd0 behind. Subsequent connections to floppyd
(the main server loop process is still running) will find the 
device locked and fail.


I'd like to suggest the following patch:


--- mtools-3.9.9-orig/floppyd.c Sat Nov  2 11:55:24 2002
+++ mtools-3.9.9-patch-ki-floppyd/floppyd.c     Sat Apr 19 20:01:25 2003
@@ -1111,14 +1111,15 @@
                        case OP_READ:
 #if DEBUG
                                fprintf(stderr, "READ:\n");
 #endif
                                read_packet(parm, devFd, get_dword(parm, 0));
                                send_reply(devFd, sock, get_length(parm));
-                               send_packet(parm, sock);
-                               
+                                if(get_length(parm) != -1) {
+                                       send_packet(parm, sock);
+                               }
                                break;
                        case OP_WRITE:
 #if DEBUG
                                fprintf(stderr, "WRITE:\n");
 #endif
                                if(readOnly) {
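
Review bot: The guard on the added `if(get_length(parm) != -1)` line matches only the exact value -1; testing `get_length(parm) >= 0`, or rejecting a negative nbytes inside buf_write where the memcpy sits, would keep every negative length away from memcpy and cover other callers of send_packet as well. send_reply(devFd, sock, get_length(parm)) still runs with the error length, so it is worth confirming that the client treats that reply as a failure and does not wait for the data packet that is now skipped. The added `if` line is also indented one column further than its closing brace.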



It seems to work for me, but I am not 100% sure whether this is
compliant to the floppyd protocol specification. Any comments welcome.



regards,
Sebastian

Attachment: mtools-3.9.9-patch-ki-floppyd
Description: Text document
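
The failure traced in the message above (a -1 from read() reaching memcpy as its size argument) can also be stopped at the copy itself. The following is an added example, not part of the original message and not mtools code: `struct out_buf`, `OUT_CAP`, `buf_write_checked` and `size_seen_by_memcpy` are hypothetical names, and only the `out_buffer`/`out_valid` field names are taken from the report.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define OUT_CAP 4096   /* assumed capacity; floppyd's real size is not on the page */

/* Hypothetical buffer using the out_buffer/out_valid names from the report. */
struct out_buf {
    unsigned char out_buffer[OUT_CAP];
    size_t out_valid;              /* bytes already queued */
};

/* The size memcpy() receives when handed a signed length unchecked. */
size_t size_seen_by_memcpy(ssize_t nbytes) { return (size_t)nbytes; }

/* Queue nbytes from src. nbytes stays signed because it is read(2)'s return
 * value. Returns 0 on success, -1 with errno set if the length is unusable. */
int buf_write_checked(struct out_buf *buf, const void *src, ssize_t nbytes)
{
    if (nbytes < 0) {              /* failed read(): never reaches memcpy */
        errno = EIO;
        return -1;
    }
    if ((size_t)nbytes > OUT_CAP - buf->out_valid) {  /* would overrun */
        errno = ENOBUFS;
        return -1;
    }
    memcpy(buf->out_buffer + buf->out_valid, src, (size_t)nbytes);
    buf->out_valid += (size_t)nbytes;
    return 0;
}

int main(void)
{
    static struct out_buf buf;     /* zero-initialised */
    unsigned char sector[512];
    /* Constructed failure: reading an invalid descriptor returns -1,
     * standing in for the I/O error from the defective floppy. */
    ssize_t n = read(-1, sector, sizeof sector);

    printf("read() returned %zd; unchecked memcpy size would be %zu\n",
           n, size_seen_by_memcpy(n));
    if (buf_write_checked(&buf, sector, n) != 0)
        printf("rejected; %zu bytes queued\n", buf.out_valid);
    return 0;
}
```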


reply via email to

[Prev in Thread] Current Thread [Next in Thread]