And here is the other message that did not come through ---------------- original message ----------------- Hello Charles, Here is a shorter patch. Setting .alias to "deleted" negates the need for NULL checks in several places. Thanks again, -Chris
--- yaffs2.orig/yaffs_guts.c 2009-11-10 17:40:41.000000000 -0800
+++ yaffs2/yaffs_guts.c 2009-12-02 16:18:50.000000000 -0800
@@ -5236,7 +5236,7 @@
 static int yaffs_DeleteSymLink(yaffs_Object *in)
 {
 YFREE(in->variant.symLinkVariant.alias);
-
+ in->variant.symLinkVariant.alias = yaffs_CloneString(_Y("deleted"));
 return yaffs_DoGenericObjectDeletion(in);
 }
@@ -5974,10 +5974,21 @@
 /* Do nothing */
 break;
 case YAFFS_OBJECT_TYPE_SYMLINK:
- in->variant.symLinkVariant.alias =
- yaffs_CloneString(oh->alias);
+ /* Note there used to be a bug where for
+ * deleted symlinks, .alias was copied
+ * from after a free. Therefore, the
+ * value of oh->alias must not be
+ * depended upon for deleted symlinks.
+ */
+ if (oh->parentObjectId == YAFFS_OBJECTID_DELETED)
+ in->variant.symLinkVariant.alias =
+ yaffs_CloneString(_Y("deleted"));
+ else
+ in->variant.symLinkVariant.alias =
+ yaffs_CloneString(oh->alias);
 if (!in->variant.symLinkVariant.alias)
 alloc_failed = 1;
+
 break;
 }
@@ -6098,8 +6109,18 @@
 yaffs_SetObjectName(in, oh->name);
 if (in->variantType == YAFFS_OBJECT_TYPE_SYMLINK) {
- in->variant.symLinkVariant.alias =
- yaffs_CloneString(oh->alias);
+ /* Note there used to be a bug where for
+ * deleted symlinks, .alias was copied
+ * from after a free. Therefore, the
+ * value of oh->alias must not be
+ * depended upon for deleted symlinks.
+ */
+ if (oh->parentObjectId == YAFFS_OBJECTID_DELETED)
+ in->variant.symLinkVariant.alias =
+ yaffs_CloneString(_Y("deleted"));
+ else
+ in->variant.symLinkVariant.alias =
+ yaffs_CloneString(oh->alias);
 if (!in->variant.symLinkVariant.alias)
 alloc_failed = 1; /* Not returned to caller */
 }
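Review bot: The result of `yaffs_CloneString(_Y("deleted"))` in yaffs_DeleteSymLink is not checked, so when the allocation fails alias is NULL rather than the placeholder string. The description says this change removes the need for NULL checks elsewhere, which only holds if the clone cannot fail; the hunk at -6098 shows the same field being left NULL with the failure marked `/* Not returned to caller */`. Readers of alias should keep their NULL checks, and a comment here such as `/* alias may be NULL if the clone fails; readers must still check */` would record that. Where the placeholder string is eventually freed is not visible in this hunk, so it is worth confirming it does not leak.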
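Review bot: The same six-line comment and deleted/not-deleted branch is pasted three times, here and in the hunks at -6098 and -6717, so the rule that oh->alias is never read from a deleted symlink's header can drift between copies; the -6717 copy already differs in how it handles a NULL `oh`. A small static helper that returns the string to store would keep the rule and its explanation in one place. The helper name below is only a suggestion, and the enclosing switch starts outside the hunk.

```c
/* Suggested helper (name is a proposal). oh->alias of a deleted symlink
 * may have been written from freed memory by older code, so it is never
 * read for those headers. The caller checks the result for NULL. */
static YCHAR *yaffs_CloneSymLinkAlias(const yaffs_ObjectHeader *oh)
{
	if (oh->parentObjectId == YAFFS_OBJECTID_DELETED)
		return yaffs_CloneString(_Y("deleted"));
	return yaffs_CloneString(oh->alias);
}

/* ... unchanged: preceding cases of the switch ... */
case YAFFS_OBJECT_TYPE_SYMLINK:
	in->variant.symLinkVariant.alias = yaffs_CloneSymLinkAlias(oh);
	if (!in->variant.symLinkVariant.alias)
		alloc_failed = 1;
	break;
```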
@@ -6717,12 +6738,20 @@
 /* Do nothing */
 break;
 case YAFFS_OBJECT_TYPE_SYMLINK:
- if (oh) {
+ /* Note there used to be a bug where for
+ * deleted symlinks, .alias was copied
+ * from after a free. Therefore, the
+ * value of oh->alias must not be
+ * depended upon for deleted symlinks.
+ */
+ if (oh && oh->parentObjectId == YAFFS_OBJECTID_DELETED)
+ in->variant.symLinkVariant.alias =
+ yaffs_CloneString(_Y("deleted"));
+ else if (oh)
 in->variant.symLinkVariant.alias =
 yaffs_CloneString(oh->alias);
- if (!in->variant.symLinkVariant.alias)
- alloc_failed = 1;
- }
+ if (!in->variant.symLinkVariant.alias)
+ alloc_failed = 1;
 break;
 }
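Review bot: The `if (!in->variant.symLinkVariant.alias) alloc_failed = 1;` test has moved out of the old `if (oh) { ... }` block, so it now also runs when `oh` is NULL and no clone was attempted. If alias is still NULL on that path, which seems likely for an object whose header was not read, the scan records an allocation failure that never happened. Keeping the test tied to the header avoids that, for example `if (oh && !in->variant.symLinkVariant.alias)`, or by restoring the braces around both branches and the check. The enclosing switch starts outside the hunk, so the conditions under which `oh` is NULL are not visible here.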