projects / yaffs2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Change to strnlen() and strncpy() to avoid problems from unbounded strings
[yaffs2.git] / yaffs_guts.c
diff --git a/yaffs_guts.c b/yaffs_guts.c
index 2acfb8e031b4e83f18b1bb03d1a28d25f8ba14a1..a51d82d6aa5d6df0aac9cde72dbab396bc2e564c 100644 (file)
--- a/yaffs_guts.c
+++ b/yaffs_guts.c
@@ -12,7 +12,7 @@
  */
 
 const char *yaffs_guts_c_version =
-    "$Id: yaffs_guts.c,v 1.89 2009-09-09 00:56:53 charles Exp $";
+    "$Id: yaffs_guts.c,v 1.98 2009-12-07 01:17:33 charles Exp $";
 
 #include "yportenv.h"
 
@@ -113,7 +113,6 @@ static yaffs_Tnode *yaffs_FindLevel0Tnode(yaffs_Device *dev,
                                        yaffs_FileStructure *fStruct,
                                        __u32 chunkId);
 
-
 /* Function to calculate chunk and offset */
 
 static void yaffs_AddrToChunk(yaffs_Device *dev, loff_t addr, int *chunkOut,
@@ -1131,7 +1130,7 @@ static void yaffs_SetObjectName(yaffs_Object *obj, const YCHAR *name)
 {
 #ifdef CONFIG_YAFFS_SHORT_NAMES_IN_RAM
        memset(obj->shortName, 0, sizeof(YCHAR) * (YAFFS_SHORT_NAME_LENGTH+1));
-       if (name && yaffs_strlen(name) <= YAFFS_SHORT_NAME_LENGTH)
+       if (name && yaffs_strnlen(name,YAFFS_SHORT_NAME_LENGTH+1) <= YAFFS_SHORT_NAME_LENGTH)
                yaffs_strcpy(obj->shortName, name);
        else
                obj->shortName[0] = _Y('\0');
@@ -1324,7 +1323,7 @@ static void yaffs_InitialiseTnodes(yaffs_Device *dev)
 }
 
 
-void yaffs_PutLevel0Tnode(yaffs_Device *dev, yaffs_Tnode *tn, unsigned pos,
+void yaffs_LoadLevel0Tnode(yaffs_Device *dev, yaffs_Tnode *tn, unsigned pos,
                unsigned val)
 {
        __u32 *map = (__u32 *)tn;
@@ -1482,13 +1481,13 @@ static yaffs_Tnode *yaffs_AddOrFindLevel0Tnode(yaffs_Device *dev,
                        if (tn) {
                                tn->internal[0] = fStruct->top;
                                fStruct->top = tn;
+                               fStruct->topLevel++;
                        } else {
                                T(YAFFS_TRACE_ERROR,
-                                 (TSTR("yaffs: no more tnodes" TENDSTR)));
+                                       (TSTR("yaffs: no more tnodes" TENDSTR)));
+                               return NULL;
                        }
                }
-
-               fStruct->topLevel = requiredTallness;
        }
 
        /* Traverse down to level 0, adding anything we need */
@@ -1507,6 +1506,8 @@ static yaffs_Tnode *yaffs_AddOrFindLevel0Tnode(yaffs_Device *dev,
                        if ((l > 1) && !tn->internal[x]) {
                                /* Add missing non-level-zero tnode */
                                tn->internal[x] = yaffs_GetTnode(dev);
+                               if(!tn->internal[x])
+                                       return NULL;
 
                        } else if (l == 1) {
                                /* Looking from level 1 at level 0 */
@@ -1519,6 +1520,8 @@ static yaffs_Tnode *yaffs_AddOrFindLevel0Tnode(yaffs_Device *dev,
                                } else if (!tn->internal[x]) {
                                        /* Don't have one, none passed in */
                                        tn->internal[x] = yaffs_GetTnode(dev);
+                                       if(!tn->internal[x])
+                                               return NULL;
                                }
                        }
 
@@ -1642,7 +1645,7 @@ static int yaffs_DeleteWorker(yaffs_Object *in, yaffs_Tnode *tn, __u32 level,
 
                                        }
 
-                                       yaffs_PutLevel0Tnode(dev, tn, i, 0);
+                                       yaffs_LoadLevel0Tnode(dev, tn, i, 0);
                                }
 
                        }
@@ -1719,7 +1722,7 @@ static int yaffs_SoftDeleteWorker(yaffs_Object *in, yaffs_Tnode *tn,
                                         * a block.
                                         */
                                        yaffs_SoftDeleteChunk(dev, theChunk);
-                                       yaffs_PutLevel0Tnode(dev, tn, i, 0);
+                                       yaffs_LoadLevel0Tnode(dev, tn, i, 0);
                                }
 
                        }
@@ -1861,10 +1864,14 @@ static int yaffs_CreateFreeObjects(yaffs_Device *dev, int nObjects)
        list = YMALLOC(sizeof(yaffs_ObjectList));
 
        if (!newObjects || !list) {
-               if (newObjects)
+               if (newObjects){
                        YFREE(newObjects);
-               if (list)
+                       newObjects = NULL;
+               }
+               if (list){
                        YFREE(list);
+                       list = NULL;
+               }
                T(YAFFS_TRACE_ALLOCATE,
                  (TSTR("yaffs: Could not allocate more objects" TENDSTR)));
                return YAFFS_FAIL;
@@ -2008,6 +2015,7 @@ static void yaffs_FreeObject(yaffs_Object *tn)
 
 #ifdef VALGRIND_TEST
        YFREE(tn);
+       tn = NULL;
 #else
        /* Link into the free list. */
        tn->siblings.next = (struct ylist_head *)(dev->freeObjects);
@@ -2170,18 +2178,20 @@ yaffs_Object *yaffs_CreateNewObject(yaffs_Device *dev, int number,
        if (number < 0)
                number = yaffs_CreateNewObjectNumber(dev);
 
-       theObject = yaffs_AllocateEmptyObject(dev);
-       if (!theObject)
-               return NULL;
-
        if (type == YAFFS_OBJECT_TYPE_FILE) {
                tn = yaffs_GetTnode(dev);
-               if (!tn) {
-                       yaffs_FreeObject(theObject);
+               if (!tn)
                        return NULL;
-               }
        }
 
+       theObject = yaffs_AllocateEmptyObject(dev);
+       if (!theObject){
+               if(tn)
+                       yaffs_FreeTnode(dev,tn);
+               return NULL;
+       }
+
+
        if (theObject) {
                theObject->fake = 0;
                theObject->renameAllowed = 1;
@@ -2247,13 +2257,17 @@ static yaffs_Object *yaffs_FindOrCreateObjectByNumber(yaffs_Device *dev,
 static YCHAR *yaffs_CloneString(const YCHAR *str)
 {
        YCHAR *newStr = NULL;
+       int len;
 
-       if (str && *str) {
-               newStr = YMALLOC((yaffs_strlen(str) + 1) * sizeof(YCHAR));
-               if (newStr)
-                       yaffs_strcpy(newStr, str);
-       }
+       if (!str)
+               str = _Y("");
 
+       len = yaffs_strnlen(str,YAFFS_MAX_ALIAS_LENGTH);
+       newStr = YMALLOC((len + 1) * sizeof(YCHAR));
+       if (newStr){
+               yaffs_strncpy(newStr, str,len);
+               newStr[len] = 0;
+       }
        return newStr;
 
 }
@@ -2261,7 +2275,7 @@ static YCHAR *yaffs_CloneString(const YCHAR *str)
 /*
  * Mknod (create) a new object.
  * equivalentObject only has meaning for a hard link;
- * aliasString only has meaning for a sumlink.
+ * aliasString only has meaning for a symlink.
  * rdev only has meaning for devices (a subset of special objects)
  */
 
@@ -2283,21 +2297,23 @@ static yaffs_Object *yaffs_MknodObject(yaffs_ObjectType type,
        if (yaffs_FindObjectByName(parent, name))
                return NULL;
 
-       in = yaffs_CreateNewObject(dev, -1, type);
-
-       if (!in)
-               return YAFFS_FAIL;
-
        if (type == YAFFS_OBJECT_TYPE_SYMLINK) {
                str = yaffs_CloneString(aliasString);
-               if (!str) {
-                       yaffs_FreeObject(in);
+               if (!str)
                        return NULL;
-               }
+       }
+
+       in = yaffs_CreateNewObject(dev, -1, type);
+
+       if (!in){
+               if(str)
+                       YFREE(str);
+               return NULL;
        }
 
 
 
+
        if (in) {
                in->hdrChunk = 0;
                in->valid = 1;
@@ -2466,6 +2482,8 @@ int yaffs_RenameObject(yaffs_Object *oldDir, const YCHAR *oldName,
        yaffs_Object *obj = NULL;
        yaffs_Object *existingTarget = NULL;
        int force = 0;
+       int result;
+       yaffs_Device *dev;
 
 
        if (!oldDir || oldDir->variantType != YAFFS_OBJECT_TYPE_DIRECTORY)
@@ -2473,6 +2491,8 @@ int yaffs_RenameObject(yaffs_Object *oldDir, const YCHAR *oldName,
        if (!newDir || newDir->variantType != YAFFS_OBJECT_TYPE_DIRECTORY)
                YBUG();
 
+       dev = oldDir->myDev;
+
 #ifdef CONFIG_YAFFS_CASE_INSENSITIVE
        /* Special case for case insemsitive systems (eg. WinCE).
         * While look-up is case insensitive, the name isn't.
@@ -2482,7 +2502,7 @@ int yaffs_RenameObject(yaffs_Object *oldDir, const YCHAR *oldName,
                force = 1;
 #endif
 
-       else if (yaffs_strlen(newName) > YAFFS_MAX_NAME_LENGTH)
+       if(yaffs_strnlen(newName,YAFFS_MAX_NAME_LENGTH+1) > YAFFS_MAX_NAME_LENGTH)
                /* ENAMETOOLONG */
                return YAFFS_FAIL;
 
@@ -2500,17 +2520,26 @@ int yaffs_RenameObject(yaffs_Object *oldDir, const YCHAR *oldName,
                        return YAFFS_FAIL;      /* EEXIST or ENOTEMPTY */
                } else if (existingTarget && existingTarget != obj) {
                        /* Nuke the target first, using shadowing,
-                        * but only if it isn't the same object
+                        * but only if it isn't the same object.
+                        *
+                        * Note we must disable gc otherwise it can mess up the shadowing.
+                        *
                         */
+                       dev->isDoingGC=1;
                        yaffs_ChangeObjectName(obj, newDir, newName, force,
                                                existingTarget->objectId);
+                       existingTarget->isShadowed = 1;
                        yaffs_UnlinkObject(existingTarget);
+                       dev->isDoingGC=0;
                }
+
+               result = yaffs_ChangeObjectName(obj, newDir, newName, 1, 0);
+
                yaffs_UpdateParent(oldDir);
                if(newDir != oldDir)
                        yaffs_UpdateParent(newDir);
-
-               return yaffs_ChangeObjectName(obj, newDir, newName, 1, 0);
+               
+               return result;
        }
        return YAFFS_FAIL;
 }
@@ -3109,6 +3138,7 @@ static int yaffs_GarbageCollectBlock(yaffs_Device *dev, int block,
                                        if (tags.chunkId == 0) {
                                                /* It is an object Id,
                                                 * We need to nuke the shrinkheader flags first
+                                                * Also need to clean up shadowing.
                                                 * We no longer want the shrinkHeader flag since its work is done
                                                 * and if it is left in place it will mess up scanning.
                                                 */
@@ -3117,6 +3147,9 @@ static int yaffs_GarbageCollectBlock(yaffs_Device *dev, int block,
                                                oh = (yaffs_ObjectHeader *)buffer;
                                                oh->isShrink = 0;
                                                tags.extraIsShrinkHeader = 0;
+                                               oh->shadowsObject = 0;
+                                               oh->inbandShadowsObject = 0;
+                                               tags.extraShadows = 0;
 
                                                yaffs_VerifyObjectHeader(object, oh, &tags, 1);
                                        }
@@ -3341,7 +3374,7 @@ static int yaffs_FindAndDeleteChunkInFile(yaffs_Object *in, int chunkInInode,
 
                /* Delete the entry in the filestructure (if found) */
                if (retVal != -1)
-                       yaffs_PutLevel0Tnode(dev, tn, chunkInInode, 0);
+                       yaffs_LoadLevel0Tnode(dev, tn, chunkInInode, 0);
        }
 
        return retVal;
@@ -3411,6 +3444,8 @@ static int yaffs_PutChunkIntoFile(yaffs_Object *in, int chunkInInode,
        /* NB inScan is zero unless scanning.
         * For forward scanning, inScan is > 0;
         * for backward scanning inScan is < 0
+        *
+        * chunkInNAND = 0 is a dummy insert to make sure the tnodes are there.
         */
 
        yaffs_Tnode *tn;
@@ -3442,6 +3477,11 @@ static int yaffs_PutChunkIntoFile(yaffs_Object *in, int chunkInInode,
                                        NULL);
        if (!tn)
                return YAFFS_FAIL;
+       
+       if(!chunkInNAND)
+               /* Dummy insert, bail now */
+               return YAFFS_OK;
+               
 
        existingChunk = yaffs_GetChunkGroupBase(dev, tn, chunkInInode);
 
@@ -3523,7 +3563,7 @@ static int yaffs_PutChunkIntoFile(yaffs_Object *in, int chunkInInode,
        if (existingChunk == 0)
                in->nDataChunks++;
 
-       yaffs_PutLevel0Tnode(dev, tn, chunkInInode, chunkInNAND);
+       yaffs_LoadLevel0Tnode(dev, tn, chunkInInode, chunkInNAND);
 
        return YAFFS_OK;
 }
@@ -3645,12 +3685,20 @@ static int yaffs_WriteChunkDataToObject(yaffs_Object *in, int chunkInInode,
                (TSTR("Writing %d bytes to chunk!!!!!!!!!" TENDSTR), nBytes));
                YBUG();
        }
-
+       
+       /*
+        * If there isn't already a chunk there then do a dummy
+        * insert to make sue we have the desired tnode structure.
+        */
+       if(prevChunkId < 1 &&
+               yaffs_PutChunkIntoFile(in, chunkInInode, 0, 0) != YAFFS_OK)
+               return -1;
+               
        newChunkId =
            yaffs_WriteNewChunkWithTagsToNAND(dev, buffer, &newTags,
                                              useReserve);
 
-       if (newChunkId >= 0) {
+       if (newChunkId > 0) {
                yaffs_PutChunkIntoFile(in, chunkInInode, newChunkId, 0);
 
                if (prevChunkId > 0)
@@ -3680,6 +3728,7 @@ int yaffs_UpdateObjectHeader(yaffs_Object *in, const YCHAR *name, int force,
        int newChunkId;
        yaffs_ExtendedTags newTags;
        yaffs_ExtendedTags oldTags;
+       YCHAR *alias = NULL;
 
        __u8 *buffer = NULL;
        YCHAR oldName[YAFFS_MAX_NAME_LENGTH + 1];
@@ -3768,8 +3817,11 @@ int yaffs_UpdateObjectHeader(yaffs_Object *in, const YCHAR *name, int force,
                        /* Do nothing */
                        break;
                case YAFFS_OBJECT_TYPE_SYMLINK:
+                       alias = in->variant.symLinkVariant.alias;
+                       if(!alias)
+                               alias = _Y("no alias");
                        yaffs_strncpy(oh->alias,
-                                     in->variant.symLinkVariant.alias,
+                                       alias,
                                      YAFFS_MAX_ALIAS_LENGTH);
                        oh->alias[YAFFS_MAX_ALIAS_LENGTH] = 0;
                        break;
@@ -5031,11 +5083,13 @@ int yaffs_ResizeFile(yaffs_Object *in, loff_t newSize)
        }
 
 
-       /* Write a new object header.
+       /* Write a new object header to reflect the resize.
         * show we've shrunk the file, if need be
-        * Do this only if the file is not in the deleted directories.
+        * Do this only if the file is not in the deleted directories
+        * and is not shadowed.
         */
        if (in->parent &&
+           !in->isShadowed &&
            in->parent->objectId != YAFFS_OBJECTID_UNLINKED &&
            in->parent->objectId != YAFFS_OBJECTID_DELETED)
                yaffs_UpdateObjectHeader(in, NULL, 0,
@@ -5046,13 +5100,17 @@ int yaffs_ResizeFile(yaffs_Object *in, loff_t newSize)
 
 loff_t yaffs_GetFileSize(yaffs_Object *obj)
 {
+       YCHAR *alias = NULL;
        obj = yaffs_GetEquivalentObject(obj);
 
        switch (obj->variantType) {
        case YAFFS_OBJECT_TYPE_FILE:
                return obj->variant.fileVariant.fileSize;
        case YAFFS_OBJECT_TYPE_SYMLINK:
-               return yaffs_strlen(obj->variant.symLinkVariant.alias);
+               alias = obj->variant.symLinkVariant.alias;
+               if(!alias)
+                       return 0;
+               return yaffs_strnlen(alias,YAFFS_MAX_ALIAS_LENGTH);
        default:
                return 0;
        }
@@ -5060,23 +5118,27 @@ loff_t yaffs_GetFileSize(yaffs_Object *obj)
 
 
 
-int yaffs_FlushFile(yaffs_Object *in, int updateTime)
+int yaffs_FlushFile(yaffs_Object *in, int updateTime, int dataSync)
 {
        int retVal;
        if (in->dirty) {
                yaffs_FlushFilesChunkCache(in);
-               if (updateTime) {
+               if(dataSync) /* Only sync data */
+                       retVal=YAFFS_OK;
+               else {
+                       if (updateTime) {
 #ifdef CONFIG_YAFFS_WINCE
-                       yfsd_WinFileTimeNow(in->win_mtime);
+                               yfsd_WinFileTimeNow(in->win_mtime);
 #else
 
-                       in->yst_mtime = Y_CURRENT_TIME;
+                               in->yst_mtime = Y_CURRENT_TIME;
 
 #endif
-               }
+                       }
 
-               retVal = (yaffs_UpdateObjectHeader(in, NULL, 0, 0, 0) >=
-                       0) ? YAFFS_OK : YAFFS_FAIL;
+                       retVal = (yaffs_UpdateObjectHeader(in, NULL, 0, 0, 0) >=
+                               0) ? YAFFS_OK : YAFFS_FAIL;
+               }
        } else {
                retVal = YAFFS_OK;
        }
@@ -5194,7 +5256,9 @@ static int yaffs_DeleteDirectory(yaffs_Object *obj)
 
 static int yaffs_DeleteSymLink(yaffs_Object *in)
 {
-       YFREE(in->variant.symLinkVariant.alias);
+       if(in->variant.symLinkVariant.alias)
+               YFREE(in->variant.symLinkVariant.alias);
+       in->variant.symLinkVariant.alias=NULL;
 
        return yaffs_DoGenericObjectDeletion(in);
 }
@@ -5346,7 +5410,8 @@ static void yaffs_HandleShadowedObject(yaffs_Device *dev, int objId,
                /* Handle YAFFS2 case (backward scanning)
                 * If the shadowed object exists then ignore.
                 */
-               if (yaffs_FindObjectByNumber(dev, objId))
+               obj = yaffs_FindObjectByNumber(dev, objId);
+               if(obj)
                        return;
        }
 
@@ -5358,6 +5423,7 @@ static void yaffs_HandleShadowedObject(yaffs_Device *dev, int objId,
                                             YAFFS_OBJECT_TYPE_FILE);
        if (!obj)
                return;
+       obj->isShadowed = 1;
        yaffs_AddObjectToDirectory(dev->unlinkedDir, obj);
        obj->variant.fileVariant.shrinkSize = 0;
        obj->valid = 1;         /* So that we don't read any other info for this file */
@@ -5450,6 +5516,125 @@ static void yaffs_StripDeletedObjects(yaffs_Device *dev)
 
 }
 
+/*
+ * This code iterates through all the objects making sure that they are rooted.
+ * Any unrooted objects are re-rooted in lost+found.
+ * An object needs to be in one of:
+ * - Directly under deleted, unlinked
+ * - Directly or indirectly under root.
+ *
+ * Note:
+ *  This code assumes that we don't ever change the current relationships between
+ *  directories:
+ *   rootDir->parent == unlinkedDir->parent == deletedDir->parent == NULL
+ *   lostNfound->parent == rootDir
+ *
+ * This fixes the problem where directories might have inadvertently been deleted
+ * leaving the object "hanging" without being rooted in the directory tree.
+ */
+static int yaffs_HasNULLParent(yaffs_Device *dev, yaffs_Object *obj)
+{
+       return (obj == dev->deletedDir ||
+               obj == dev->unlinkedDir||
+               obj == dev->rootDir);
+}
+
+static void yaffs_FixHangingObjects(yaffs_Device *dev)
+{
+       yaffs_Object *obj;
+       yaffs_Object *parent;
+       int i;
+       struct ylist_head *lh;
+       struct ylist_head *n;
+       int depthLimit;
+       int hanging;
+
+
+       /* Iterate through the objects in each hash entry,
+        * looking at each object.
+        * Make sure it is rooted.
+        */
+
+       for (i = 0; i <  YAFFS_NOBJECT_BUCKETS; i++) {
+               ylist_for_each_safe(lh, n, &dev->objectBucket[i].list) {
+                       if (lh) {
+                               obj = ylist_entry(lh, yaffs_Object, hashLink);
+                               parent= obj->parent;
+                               
+                               if(yaffs_HasNULLParent(dev,obj)){
+                                       /* These directories are not hanging */
+                                       hanging = 0;
+                               }
+                               else if(!parent || parent->variantType != YAFFS_OBJECT_TYPE_DIRECTORY)
+                                       hanging = 1;
+                               else if(yaffs_HasNULLParent(dev,parent))
+                                       hanging = 0;
+                               else {
+                                       /*
+                                        * Need to follow the parent chain to see if it is hanging.
+                                        */
+                                       hanging = 0;
+                                       depthLimit=100;
+
+                                       while(parent != dev->rootDir &&
+                                               parent->parent &&
+                                               parent->parent->variantType == YAFFS_OBJECT_TYPE_DIRECTORY &&
+                                               depthLimit > 0){
+                                               parent = parent->parent;
+                                               depthLimit--;
+                                       }
+                                       if(parent != dev->rootDir)
+                                               hanging = 1;
+                               }
+                               if(hanging){
+                                       T(YAFFS_TRACE_SCAN,
+                                         (TSTR("Hanging object %d moved to lost and found" TENDSTR),
+                                               obj->objectId));
+                                       yaffs_AddObjectToDirectory(dev->lostNFoundDir,obj);
+                               }
+                       }
+               }
+       }
+}
+
+
+/*
+ * Delete directory contents for cleaning up lost and found.
+ */
+static void yaffs_DeleteDirectoryContents(yaffs_Object *dir)
+{
+       yaffs_Object *obj;
+       struct ylist_head *lh;
+       struct ylist_head *n;
+
+       if(dir->variantType != YAFFS_OBJECT_TYPE_DIRECTORY)
+               YBUG();
+       
+       ylist_for_each_safe(lh, n, &dir->variant.directoryVariant.children) {
+               if (lh) {
+                       obj = ylist_entry(lh, yaffs_Object, siblings);
+                       if(obj->variantType == YAFFS_OBJECT_TYPE_DIRECTORY)
+                               yaffs_DeleteDirectoryContents(obj);
+
+                       T(YAFFS_TRACE_SCAN,
+                               (TSTR("Deleting lost_found object %d" TENDSTR),
+                               obj->objectId));
+
+                       /* Need to use UnlinkObject since Delete would not handle
+                        * hardlinked objects correctly.
+                        */
+                       yaffs_UnlinkObject(obj); 
+               }
+       }
+                       
+}
+
+static void yaffs_EmptyLostAndFound(yaffs_Device *dev)
+{
+       yaffs_DeleteDirectoryContents(dev->lostNFoundDir);
+}
+
 static int yaffs_Scan(yaffs_Device *dev)
 {
        yaffs_ExtendedTags tags;
@@ -6275,9 +6460,7 @@ static int yaffs_ScanBackwards(yaffs_Device *dev)
                                }
 
                                if (!in ||
-#ifdef CONFIG_YAFFS_DISABLE_LAZY_LOAD
-                                   !in->valid ||
-#endif
+                                   (!in->valid && dev->disableLazyLoad) ||
                                    tags.extraShadows ||
                                    (!in->valid &&
                                    (tags.objectId == YAFFS_OBJECTID_ROOT ||
@@ -6911,7 +7094,7 @@ int yaffs_GetObjectName(yaffs_Object *obj, YCHAR *name, int buffSize)
        }
 #ifdef CONFIG_YAFFS_SHORT_NAMES_IN_RAM
        else if (obj->shortName[0])
-               yaffs_strcpy(name, obj->shortName);
+               yaffs_strncpy(name, obj->shortName,YAFFS_SHORT_NAME_LENGTH+1);
 #endif
        else {
                int result;
@@ -6927,11 +7110,12 @@ int yaffs_GetObjectName(yaffs_Object *obj, YCHAR *name, int buffSize)
                                                        NULL);
                }
                yaffs_strncpy(name, oh->name, buffSize - 1);
+               name[buffSize-1]=0;
 
                yaffs_ReleaseTempBuffer(obj->myDev, buffer, __LINE__);
        }
 
-       return yaffs_strlen(name);
+       return yaffs_strnlen(name,buffSize-1);
 }
 
 int yaffs_GetObjectFileLength(yaffs_Object *obj)
@@ -6941,9 +7125,11 @@ int yaffs_GetObjectFileLength(yaffs_Object *obj)
 
        if (obj->variantType == YAFFS_OBJECT_TYPE_FILE)
                return obj->variant.fileVariant.fileSize;
-       if (obj->variantType == YAFFS_OBJECT_TYPE_SYMLINK)
-               return yaffs_strlen(obj->variant.symLinkVariant.alias);
-       else {
+       if (obj->variantType == YAFFS_OBJECT_TYPE_SYMLINK){
+               if(!obj->variant.symLinkVariant.alias)
+                       return 0;
+               return yaffs_strnlen(obj->variant.symLinkVariant.alias,YAFFS_MAX_ALIAS_LENGTH);
+       } else {
                /* Only a directory should drop through to here */
                return obj->myDev->nDataBytesPerChunk;
        }
@@ -7413,6 +7599,9 @@ int yaffs_GutsInitialise(yaffs_Device *dev)
                                init_failed = 1;
 
                yaffs_StripDeletedObjects(dev);
+               yaffs_FixHangingObjects(dev);
+               if(dev->emptyLostAndFound)
+                       yaffs_EmptyLostAndFound(dev);
        }
 
        if (init_failed) {
@@ -7436,6 +7625,9 @@ int yaffs_GutsInitialise(yaffs_Device *dev)
        yaffs_VerifyFreeChunks(dev);
        yaffs_VerifyBlocks(dev);
 
+       /* Clean up any aborted checkpoint data */
+       if(!dev->isCheckpointed && dev->blocksInCheckpoint > 0)
+               yaffs_InvalidateCheckpoint(dev);
 
        T(YAFFS_TRACE_TRACING,
          (TSTR("yaffs: yaffs_GutsInitialise() done.\n" TENDSTR)));
The YAFFS2 repository.