Hi,

I think there is an issue with directory handling. We found this while accidentally opening a directory instead a file. This let yaffs crash:

    

    handle = yaffs_open(directory, oflag, 0755)

    yaffs_lseek(handle, (Y_LOFF_T)0, SEEK_SET);

    yaffs_close(obj->handle)

when directory contains a directory name.

Reason is that in yaffs_lseek the v member of yaffsfs_FileDes is touched:

    if (pos >= 0 && pos <= YAFFS_MAX_FILE_SIZE)

            fd->v.position = pos;

Later when closing in yaffsfs_PutFileDes v is used again:

    yaffsfs_closedir_no_lock(fd->v.dir); 

I think there is a check missing in yaffs_lseek if the handle points to a directory. What do you think?

Robert.