Date: Wed, 27 Feb 2008 00:26:26 -0500 (EST) From: Garrett Wollman <wollman@hergotha.csail.mit.edu> To: jhb@freebsd.org Cc: arch@freebsd.org Subject: Re: Cleaning up FILE in stdio.. Message-ID: <200802270526.m1R5QQT3024163@hergotha.csail.mit.edu> In-Reply-To: <200802262355.16519.jhb@freebsd.org> References: <200802262251.m1QMp7bV021709@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <200802262355.16519.jhb@freebsd.org>,
John Baldwin <jhb@freebsd.org> writes:
>On Tuesday 26 February 2008 05:51:07 pm Garrett Wollman wrote:
>+ /*
>+ * File descriptors are a full int, but _file is only a short.
>+ * If we get a valid file descriptor that is greater than
>+ * SHRT_MAX, then the fd will get sign-extended into an
>+ * invalid file descriptor. Handle this case by failing the
>+ * open.
>+ */
>+ if (fd > SHRT_MAX) {
>+ errno = EINVAL;
>+ return (NULL);
>+ }
>+
Please, please, please, whatever you do, don't add Yet Another
Overloaded Meaning for [EINVAL]. Use [EMFILE] instead, which is
defined to have the precise meaning desired here. For extra credit,
fix the various places {STREAM_MAX} is defined to take this limit into
account. I think the following may be all that is required (beware
xterm cut-and-paste screwage):
Index: lib/libc/gen/sysconf.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/gen/sysconf.c,v
retrieving revision 1.20
diff -u -r1.20 sysconf.c
--- lib/libc/gen/sysconf.c 17 Nov 2002 08:54:29 -0000 1.20
+++ lib/libc/gen/sysconf.c 27 Feb 2008 05:23:24 -0000
@@ -105,7 +105,6 @@
mib[1] = KERN_NGROUPS;
break;
case _SC_OPEN_MAX:
- case _SC_STREAM_MAX: /* assume fds run out before memory does */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
return (-1);
if (rl.rlim_cur == RLIM_INFINITY)
@@ -115,6 +114,25 @@
return (-1);
}
return ((long)rl.rlim_cur);
+ case _SC_STREAM_MAX:
+ if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
+ return (-1);
+ if (rl.rlim_cur == RLIM_INFINITY)
+ return (-1);
+ if (rl.rlim_cur > LONG_MAX) {
+ errno = EOVERFLOW;
+ return (-1);
+ }
+ /*
+ * struct __sFILE currently has a limitation that
+ * file descriptors must fit in a signed short.
+ * This doesn't precisely capture the letter of POSIX
+ * but approximates the spirit.
+ */
+ if (rl.rlim_cur > SHRT_MAX)
+ return (SHRT_MAX);
+
+ return ((long)rl.rlim_cur);
case _SC_JOB_CONTROL:
return (_POSIX_JOB_CONTROL);
case _SC_SAVED_IDS:
-GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802270526.m1R5QQT3024163>