Date:      Fri, 7 Jun 2002 10:34:30 +1000 (EST)
From:      Bruce Evans <bde@zeta.org.au>
To:        "J. Mallett" <jmallett@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, <cvs-all@FreeBSD.org>
Subject:   Re: cvs commit: src/bin/ps fmt.c
Message-ID:  <20020607101000.R13287-100000@gamplex.bde.org>
In-Reply-To: <200206062029.g56KTej24391@freefall.freebsd.org>

On Thu, 6 Jun 2002, J. Mallett wrote:

> jmallett    2002/06/06 13:29:40 PDT
>
>   Modified files:
>     bin/ps               fmt.c
>   Log:
>   Cast arg_max to size_t when comparing it (times 4, plus 1) against SIZE_MAX.  I
>   was worried about truncation of arg_max by this cast, but if it gets truncated,
>   we know it'll obviously be greater than SIZE_MAX anyway.

This turns a correct bounds check into a broken one just to fix a warning.
arg_max (times 4, plus 1) has already been checked to be a positive long.
Converting it to a size_t may truncate it to a very small value that is
less than SIZE_MAX, resulting in the bounds check bogusly succeeding.
Example of sizes where this may happen:

ARG_MAX = 4096			/* minimum permitted by POSIX, type obscure */
arg_max = 4096L			/* type long, so that it can hold sysconf() */
4 * arg_max + 1 = 16385L
size_t = uint8_t		/* impractical but easy to see problems with */
size_t(arg_max) = (size_t)1
4 * (size_t)arg_max + 1 = (int)5
SIZE_MAX = 255			/* type promoteof(size_t) (?) */

The 4 * arg_max + 1 > SIZE_MAX but 4 * (size_t)arg_max + 1 < SIZE_MAX.

Note that in this example, it's not completely clear that casting to size_t
even fixes the warning, since the cast is in the wrong place so it doesn't
have its intended effect of promoting the left operand to a size_t.  The
left operand has type int after the default promotions, so we might get a
warning anyway if the right operand has type size_t.  However, I think
SIZE_T can't have type size_t in this case, since I think it is specified
to be a preprocessor constant and preprocessor constants can't have type
uint8_t.

Bruce
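As an added illustration, not part of the thread or of the ps sources, the narrowing described above written out with an 8-bit stand-in for size_t (a hypothetical typedef, so the effect is visible on a machine where size_t is wide); the function names are mine.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 8-bit stand-in for size_t, as in the example above,
 * so the truncation is visible on a machine where size_t is wide. */
typedef uint8_t narrow_size_t;
#define NARROW_SIZE_MAX UINT8_MAX

/* The committed form: arg_max is narrowed before the arithmetic.
 * The cast result promotes to int, so 4 * x + 1 is an int built
 * from the low 8 bits of arg_max only. */
int narrowed_need(long arg_max)
{
    return 4 * (narrow_size_t)arg_max + 1;
}

/* Bounds check as committed: true means "does not fit". */
bool too_big_after_cast(long arg_max)
{
    return narrowed_need(arg_max) > NARROW_SIZE_MAX;
}

/* Bounds check done in the wide type: reject before anything can
 * wrap, then compare the full value against the limit. */
bool too_big_wide(long arg_max)
{
    if (arg_max < 0 || arg_max > (LONG_MAX - 1) / 4)
        return true;  /* 4 * arg_max + 1 would not even fit in long */
    unsigned long need = 4UL * (unsigned long)arg_max + 1UL;
    return need > (unsigned long)NARROW_SIZE_MAX;
}

int main(void)
{
    long arg_max = 4097L;  /* constructed: low byte is 1, so 4*1+1 = 5 */
    printf("4*arg_max+1 = %ld, narrowed = %d\n",
           4 * arg_max + 1, narrowed_need(arg_max));
    printf("after cast: %s, wide: %s\n",
           too_big_after_cast(arg_max) ? "rejected" : "accepted",
           too_big_wide(arg_max) ? "rejected" : "accepted");
    return 0;
}
```

With arg_max = 4097 the narrowed check accepts a request that needs 16389 bytes, while the wide check rejects it; for values that fit (60) or that overflow without wrapping (64) both checks agree.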


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020607101000.R13287-100000>