From owner-svn-src-all@FreeBSD.ORG Fri May 10 17:11:26 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id E09317BD; Fri, 10 May 2013 17:11:26 +0000 (UTC) (envelope-from bjkfbsd@gmail.com) Received: from mail-qa0-x22a.google.com (mail-qa0-x22a.google.com [IPv6:2607:f8b0:400d:c00::22a]) by mx1.freebsd.org (Postfix) with ESMTP id 728DBA71; Fri, 10 May 2013 17:11:26 +0000 (UTC) Received: by mail-qa0-f42.google.com with SMTP id f11so436193qae.8 for ; Fri, 10 May 2013 10:11:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=ugYvxMd17T9Y7f68QESZUwoUwilzT67GgiX4T2h1dxc=; b=WCO/kuxw8jBafY+20fPeeo8XYy4DX4a1QWJhpksRxunHj88+KNoDeA3B2h9uFDElXZ AlK3oL17dC8zBQ3J52aXKIG6nVo6YBmd0i4f6PGdb59o5kv3TofuqreWaB5LtruGh8fT qxUJUctI5X4q6LGtONgu5HV5sGqZv5LIlPrBfp2tn8ynnRiG/N7uee0DH9yDNXySWC83 4NwdZl2U0vYAGs7kiUS7m/jkx83Jfw8q/l8VL3fJOG+eDHElbxEwVUmCXcPFtrY284Gn VB4Ls9A7ekzn0xWIGkIm6aFRGnIqhO117kryJvdS2qVegl3zR/JpuQeZTBn/IcxW0v8c j24A== MIME-Version: 1.0 X-Received: by 10.224.179.148 with SMTP id bq20mr12658011qab.30.1368205526179; Fri, 10 May 2013 10:05:26 -0700 (PDT) Received: by 10.49.18.193 with HTTP; Fri, 10 May 2013 10:05:26 -0700 (PDT) In-Reply-To: <201305100423.r4A4N44u094726@svn.freebsd.org> References: <201305100423.r4A4N44u094726@svn.freebsd.org> Date: Fri, 10 May 2013 13:05:26 -0400 Message-ID: Subject: Re: svn commit: r250432 - head/usr.bin/split From: Benjamin Kaduk To: Eitan Adler Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: "svn-src-head@freebsd.org" , "svn-src-all@freebsd.org" , "src-committers@freebsd.org" X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 May 2013 17:11:27 -0000 On Fri, May 10, 2013 at 12:23 AM, Eitan Adler wrote: > Modified: head/usr.bin/split/split.c > > ============================================================================== > --- head/usr.bin/split/split.c Fri May 10 03:49:05 2013 (r250431) > +++ head/usr.bin/split/split.c Fri May 10 04:23:03 2013 (r250432) > @@ -359,9 +367,19 @@ newfile(void) > ofd = fileno(stdout); > } > > - /* maxfiles = 26^sufflen, but don't use libm. */ > + if (dflag) { > + beg = '0'; > + end = '9'; > + } > + else { > + beg = 'a'; > + end = 'z'; > + } > + pattlen = end - beg + 1; > + > + /* maxfiles = pattlen^sufflen, but don't use libm. */ > for (maxfiles = 1, i = 0; i < sufflen; i++) > - if ((maxfiles *= 26) <= 0) > + if ((maxfiles *= pattlen) <= 0) > This check relies on signed integer overflow, which is undefined behavior. Furthermore, even if one assumes a non-evil compiler and two's complement representation, this check fails for pattlen == 10. 10**9 is representable as both a signed and unsigned 32-bit integer, but 10**10 overflows both variants and ends up in the positive side of the signed space. With a fixed number of bases to be exponentiated here (10 or 26), it would seem much simpler to do the logarithm manually out-of-band and just hardcode a check on sufflen (noting that maxfiles is of type long which can be either 32 or 64 bits). -Ben > errx(EX_USAGE, "suffix is too long (max %ld)", i); > > if (fnum == maxfiles) >