Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 May 2013 13:05:26 -0400
From:      Benjamin Kaduk <bjkfbsd@gmail.com>
To:        Eitan Adler <eadler@freebsd.org>
Cc:        "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>
Subject:   Re: svn commit: r250432 - head/usr.bin/split
Message-ID:  <CAJ5_RoB=hn1bHeqqUyvJWeJqooB6QwLFov=LtNu4PaYpsfMLQg@mail.gmail.com>
In-Reply-To: <201305100423.r4A4N44u094726@svn.freebsd.org>
References:  <201305100423.r4A4N44u094726@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Fri, May 10, 2013 at 12:23 AM, Eitan Adler <eadler@freebsd.org> wrote:

> Modified: head/usr.bin/split/split.c
>
> ==============================================================================
> --- head/usr.bin/split/split.c  Fri May 10 03:49:05 2013        (r250431)
> +++ head/usr.bin/split/split.c  Fri May 10 04:23:03 2013        (r250432)
> @@ -359,9 +367,19 @@ newfile(void)
>                 ofd = fileno(stdout);
>         }
>
> -       /* maxfiles = 26^sufflen, but don't use libm. */
> +       if (dflag) {
> +               beg = '0';
> +               end = '9';
> +       }
> +       else {
> +               beg = 'a';
> +               end = 'z';
> +       }
> +       pattlen = end - beg + 1;
> +
> +       /* maxfiles = pattlen^sufflen, but don't use libm. */
>         for (maxfiles = 1, i = 0; i < sufflen; i++)
> -               if ((maxfiles *= 26) <= 0)
> +               if ((maxfiles *= pattlen) <= 0)
>

This check relies on signed integer overflow, which is undefined behavior.
Furthermore, even if one assumes a non-evil compiler and two's complement
representation, this check fails for pattlen == 10.
10**9 is representable as both a signed and unsigned 32-bit integer, but
10**10 overflows both variants and ends up in the positive side of the
signed space.

With a fixed number of bases to be exponentiated here (10 or 26), it would
seem much simpler to do the logarithm manually out-of-band and just
hardcode a check on sufflen (noting that maxfiles is of type long which can
be either 32 or 64 bits).

-Ben


>                         errx(EX_USAGE, "suffix is too long (max %ld)", i);
>
>         if (fnum == maxfiles)
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ5_RoB=hn1bHeqqUyvJWeJqooB6QwLFov=LtNu4PaYpsfMLQg>