From owner-freebsd-arch@FreeBSD.ORG Wed Nov 2 19:22:45 2011
From: John Baldwin <jhb@freebsd.org>
To: Jilles Tjoelker
Cc: arch@freebsd.org
Date: Wed, 2 Nov 2011 14:21:59 -0400
Subject: Re: [PATCH] fadvise(2) system call
Message-Id: <201111021421.59542.jhb@freebsd.org>
In-Reply-To: <20111102181140.GA21621@stack.nl>
References: <201110281426.00013.jhb@freebsd.org> <201110311024.07580.jhb@freebsd.org> <20111102181140.GA21621@stack.nl>
List-Id: Discussion related to FreeBSD architecture

On Wednesday, November 02, 2011 2:11:41 pm Jilles Tjoelker wrote:
> On Mon, Oct 31, 2011 at 10:24:07AM -0400, John Baldwin wrote:
> > > The comparisons
> > >
> > > + (fa->fa_start != 0 && fa->fa_start == end + 1) ||
> > > + (uap->offset != 0 && fa->fa_end + 1 == uap->offset))) {
> > >
> > > should instead be something like
> > >
> > > + (end != OFF_MAX && fa->fa_start == end + 1) ||
> > > + (fa->fa_end != OFF_MAX && fa->fa_end + 1 == uap->offset))) {
> > >
> > > to avoid integer overflow.
>
> > Hmm, but the expressions will still work in that case, yes? I already
> > check for uap->offset and uap->len being negative earlier (so fa_start
> > and fa_end are always positive), and off_t is signed, so if end is
> > OFF_MAX, then end + 1 will certainly not == fa_start?
>
> Signed integer overflow is undefined behaviour; therefore, if you write
> end + 1 without checking that end != OFF_MAX, the compiler may assume
> that end != OFF_MAX. Whether the compiler will take advantage of this in
> ways that cause breakage is another question. For example, if there were
> a subsequent check for end != OFF_MAX, the compiler would be allowed to
> remove that check. I think it is best not to risk it.

Ok.

-- 
John Baldwin
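The guarded form of the adjacency test that Jilles proposes, worked through as an added example; this is not code from the thread or from the FreeBSD fadvise(2) patch. The names `struct range`, `request_end` and `adjacent` are hypothetical stand-ins for the patch's `fa_start`/`fa_end`, `uap->offset`/`uap->len` and `end`; the `OFF_MAX` fallback is there because glibc does not define it, and `len == 0` meaning "to end of file" follows the posix_fadvise(2) convention, which is exactly the case that puts `end` at `OFF_MAX`. Both `!= OFF_MAX` guards are evaluated before the corresponding `+ 1`, so the additions never overflow a signed `off_t` and the compiler is given nothing to assume about `end`:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* FreeBSD provides OFF_MAX in <sys/limits.h>; glibc does not, so derive it
 * from the width of off_t (assumes a two's complement off_t, as on every
 * platform this code would run on). */
#ifndef OFF_MAX
#define OFF_MAX ((off_t)((((uint64_t)1) << (sizeof(off_t) * CHAR_BIT - 1)) - 1))
#endif

/* Hypothetical stand-in for the fa_start/fa_end pair in the patch: an
 * inclusive byte range that already has advice attached. */
struct range {
	off_t start;
	off_t end;
};

/*
 * Inclusive end of the request [offset, offset + len), with the
 * posix_fadvise(2) convention that len == 0 means "to end of file".
 * Rejects negative arguments (as the patch does earlier) and requests
 * whose end would not fit in off_t, so offset + len - 1 is only ever
 * computed when it cannot overflow.
 */
static bool
request_end(off_t offset, off_t len, off_t *end)
{
	if (offset < 0 || len < 0)
		return (false);
	if (len == 0) {
		*end = OFF_MAX;
		return (true);
	}
	/* offset + len - 1 <= OFF_MAX  <=>  offset <= OFF_MAX - len + 1 */
	if (offset > OFF_MAX - len + 1)
		return (false);
	*end = offset + len - 1;
	return (true);
}

/*
 * True if the new request [offset, end] sits immediately before or
 * immediately after the existing range.  The != OFF_MAX guards come first
 * in each && so "+ 1" is never applied to OFF_MAX: that would be signed
 * overflow, which is undefined behaviour and would let the compiler assume
 * end != OFF_MAX (and drop any later check for it), as the thread explains.
 */
static bool
adjacent(const struct range *fa, off_t offset, off_t end)
{
	return ((end != OFF_MAX && fa->start == end + 1) ||
	    (fa->end != OFF_MAX && fa->end + 1 == offset));
}

int
main(void)
{
	struct range tail = { 0, OFF_MAX };	/* existing advice runs to EOF */
	struct range mid = { 150, 200 };
	off_t end;

	if (request_end(100, 50, &end))
		printf("[100,149] vs [150,200]: %s\n",
		    adjacent(&mid, 100, end) ? "adjacent" : "not adjacent");
	if (request_end(0, 0, &end))
		printf("[0,EOF] vs [0,EOF]: %s (no overflow evaluated)\n",
		    adjacent(&tail, 0, end) ? "adjacent" : "not adjacent");
	printf("request at OFF_MAX with len 2: %s\n",
	    request_end(OFF_MAX, 2, &end) ? "accepted" : "rejected");
	return (0);
}
```

The `request_end` bound is the same idea applied one step earlier: rather than computing `offset + len - 1` and then testing whether it wrapped (which is already too late under C's rules), it rearranges the inequality so that every operation stays within `[0, OFF_MAX]`.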