Prevent infinite loop in lfs_traverse #136
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lfs_traverse has no protection against infinite loops. Consider what happens if a directory entry has dir.d.tail == cwd... you end up hanging forever. [Relevant section of code:](https://github.com/ARMmbed/littlefs/blob/195075819e05a9ce8568d3d98363f2a6f19ed436/lfs.c#L2294) ``` int lfs_traverse(lfs_t *lfs, int (*cb)(void*, lfs_block_t), void *data) { ... lfs_dir_t dir; lfs_block_t cwd[2] ... while (true) { ... lfs_dir_fetch(lfs, &dir, cwd); ... cwd[0] = dir.d.tail[0]; cwd[1] = dir.d.tail[1]; ... } } ``` This is mostly a theoretical issue - this can only really happen if the on-flash data is already in an invalid state. However, as littlefs is supposed to be failsafe... Two fixes come to mind: 1. Keep a counter. If you ever traverse >= the total number of blocks, you know that you've hit a loop. (This may take a while... but this isn't supposed to happen unless something has gone wrong _anyway_, and it's still better than just hanging forever.) 2. Use something like the tortose-and-hare algorithm. (Advance the hare, do the callback, exit if done, panic if hare == tortose, advance the hare, do the callback, exit if done, panic if hare == tortose, advance the tortose, panic if hare == tortose. Repeat.) Probably overkill. This change implements littlefs-project#1.
Author
|
Note: there is an analogous issue in lfs_parent - although it's harder to hit, it can be hit from lfs_deorphan. Ditto, there's an analogous issue with the open file loop in lfs_traverse. |
Member
|
Hi @TheLoneWolfling, thanks for creating a PR. I'm going to wait on this until v2 just because a lot of the code is going to change. But you're right it's probably a good idea to have these checks on every loop. Related #98 |
Author
|
Ok. Is it alright if I start looking at v2? Or should I hold off? |
Member
|
Sure thing! It may be rough around the edges, but any feedback is welcome :) |
Member
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
lfs_traverse has no protection against infinite loops. Consider what happens if a directory entry has dir.d.tail == cwd... you end up hanging forever. Relevant section of code:
This is mostly a theoretical issue - this can only really happen if the on-flash data is already in an invalid state. However, as littlefs is supposed to be failsafe...
Two fixes come to mind:
This change implements #1.