From owner-freebsd-bugs Mon Sep 11 8:50: 8 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6043B37B43E
	for ; Mon, 11 Sep 2000 08:50:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id IAA05717;
	Mon, 11 Sep 2000 08:50:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 607AF37B423; Mon, 11 Sep 2000 08:47:41 -0700 (PDT)
Message-Id: <20000911154741.607AF37B423@hub.freebsd.org>
Date: Mon, 11 Sep 2000 08:47:41 -0700 (PDT)
From: bob@immure.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/21204: bit_ffc and bit_ffs macros in bitstring.h test 1 byte too many.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 21204
>Category: misc
>Synopsis: bit_ffc and bit_ffs macros in bitstring.h test 1 byte too many.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 11 08:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Bob Willcox
>Release: 4.0-stable
>Organization: VIEO, Inc
>Environment:
FreeBSD sebulba.pmr.com 4.0-STABLE FreeBSD 4.0-STABLE #365: Sat Sep 9 08:55:18 CDT 2000 bob@sebulba.pmr.com:/usr/src/sys/compile/GPXTEST i386
>Description:
The bit_ffc and bit_ffs macros both contain a for loop where they check for their loop ctr variable (_byte) for <= to the end value (_stopbyte). Unfortunately, _stopbyte is preloaded to the number of bytes in the bit string, not the last valid index value. Consequently these macros both process one too many bytes.
>How-To-Repeat:
Set all of the bits in the string and execute bit_ffc. You will observe that it returns the index of _stopbyte (which is beyond the string). You can also try this with an all clear bitstring and use bit_ffs. I haven't actually tried this, since I discovered the bug when using bit_ffc, but the loop conditions are identical in it so the bug no doubt exists there as well.
>Fix:
Here is a patch that I installed that works for me:

--- /usr/include/bitstring.h Mon Feb 21 08:13:54 2000 +++ gpxbitstring.h Sat Sep 9 08:44:25 2000 
@@ -115,7 +115,7 @@ register bitstr_t *_name = name; \ register int _byte, _nbits = nbits; \ register int _stopbyte = _bit_byte(_nbits), _value = -1; \ - for (_byte = 0; _byte <= _stopbyte; ++_byte) \ + for (_byte = 0; _byte < _stopbyte; ++_byte) \ if (_name[_byte] != 0xff) { \ _value = _byte << 3; \ for (_stopbyte = _name[_byte]; (_stopbyte&0x1); \ @@ -130,7 +130,7 @@ register bitstr_t *_name = name; \ register int _byte, _nbits = nbits; \ register int _stopbyte = _bit_byte(_nbits), _value = -1; \ - for (_byte = 0; _byte <= _stopbyte; ++_byte) \ + for (_byte = 0; _byte < _stopbyte; ++_byte) \ if (_name[_byte]) { \ _value = _byte << 3; \ for (_stopbyte = _name[_byte]; !(_stopbyte&0x1); \ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
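
Review bot: In the first hunk (bit_ffc), the new bound `_byte < _stopbyte` is applied while `_stopbyte` is still `_bit_byte(_nbits)`, so the scan stops before the final partial byte whenever nbits is not a multiple of 8. Assuming `_bit_byte(n)` is `n >> 3` (consistent with `_value = _byte << 3` in this hunk), a 12-bit string gives `_stopbyte` = 1, only byte 0 is examined, and a clear bit among bits 8..11 is reported as -1. The original `<=` reads past the string only when nbits is an exact multiple of 8. Consider computing the last valid index instead, `_stopbyte = _bit_byte(_nbits - 1)`, keeping `<=`, and guarding the loop with `_nbits > 0`.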
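
Review bot: The second hunk (bit_ffs) has the same bound problem as the first, and nothing in the visible lines of either macro compares the computed `_value` against `_nbits`. Once the last byte is scanned, a set bit in the unused padding of a partial last byte (or a clear one, for bit_ffc) would be returned as an index at or beyond nbits; suggest ending both macros with a check such as `if (_value >= _nbits) _value = -1;`. A short comment noting that `_stopbyte` is reused as scratch in the inner loop would also help the next reader.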