Bug #753

closed

patch to fix issue 739

Added by nthery over 17 years ago. Updated over 17 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Hello,

I reckon the following patch fixes http://bugs.dragonflybsd.org/issue739.

I couldn't reproduce the issue, so I simply rebuilt the kernel to test
this patch.

When the collision occurs in deget(), the newly created vnode (nvp) is
destroyed.
At this point, nvp->v_data does not yet point to the denode (ldep) and is
presumably NULL, so when nvp->v_data is dereferenced in msdosfs_inactive()
(dep->de_name0 == SLOT_DELETED), the kernel takes a fault.

The patch simply checks that dep is not NULL before dereferencing it. This
mimics what is done in ufs_inactive() and is documented in
http://www.dragonflybsd.org/cvsweb/src/sys/vfs/ufs/ufs_ihash.c?r1=1.12.

Cheers,
Nicolas

Index: msdosfs_denode.c ===================================================================
RCS file: /home/dcvs/src/sys/vfs/msdosfs/msdosfs_denode.c,v
retrieving revision 1.29
diff u -r1.29 msdosfs_denode.c
--
msdosfs_denode.c 14 Jun 2007 02:55:27 -0000 1.29
+++ msdosfs_denode.c 29 Jul 2007 19:11:05 -0000
@ -698,7 +698,7 @
/* * Ignore denodes related to stale file handles.
*/
- if (dep->de_Name0 SLOT_DELETED)
+ if (dep NULL || dep->de_Name0 == SLOT_DELETED)
goto out;

/*
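
Review bot: At the changed test, `goto out` is now taken with `dep` equal to NULL, and the code at the `out` label lies outside this hunk; if it reads `dep->de_Name0` or any other denode field again, it needs the same NULL guard on `dep`, otherwise the fault only moves a few lines further down. The comment above the test still describes only stale file handles; it should also say that `dep` can be NULL when the vnode is torn down before `v_data` has been set, as in the deget() collision described in the report, so that the check is not later removed as dead code.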