From owner-freebsd-hackers Tue Jan 23 20:58:00 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id UAA21616 for hackers-outgoing; Tue, 23 Jan 1996 20:58:00 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id UAA21601 for ; Tue, 23 Jan 1996 20:57:52 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id PAA31512; Wed, 24 Jan 1996 15:54:03 +1100
Date: Wed, 24 Jan 1996 15:54:03 +1100
From: Bruce Evans
Message-Id: <199601240454.PAA31512@godzilla.zeta.org.au>
To: m_tanaka@pa.yokogawa.co.jp, mpp@mpp.minn.net
Subject: Re: NFS trouble ?
Cc: freebsd-hackers@freebsd.org
Sender: owner-hackers@freebsd.org
Precedence: bulk

>Index: nfs_bio.c >=================================================================== >RCS file: /usr/var/cvs/src/sys/nfs/nfs_bio.c,v >retrieving revision 1.21 >diff -u -r1.21 nfs_bio.c >--- nfs_bio.c 1995/12/17 21:12:13 1.21 >+++ nfs_bio.c 1996/01/23 20:03:38 >@@ -240,7 +240,8 @@ > */ > again: > bufsize = biosize; >- if ((lbn + 1) * biosize > np->n_size) { >+ if ((lbn + 1) * biosize > np->n_size && >+ (lbn + 1) * biosize - np->n_size < biosize) { > bufsize = np->n_size - lbn * biosize; > bufsize = (bufsize + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1); > } >--

I think the change should be

>+ if ((off_t)(lbn + 1) * biosize > np->n_size) {

There are several other similar potentially overflowing multiplications in nfs_bio.c.

Bruce
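
Review bot: in the `if` condition of the quoted hunk, the added clause `(lbn + 1) * biosize - np->n_size < biosize` repeats the same product as the first clause without widening it, so if that product can wrap (which the `(off_t)` cast proposed in the reply implies), both clauses are evaluated on the wrapped value and the extra bound only filters the symptom. Widening the product before the multiplication, as in `(off_t)(lbn + 1) * biosize`, makes the original single comparison correct and the second clause unnecessary. The unchanged line `bufsize = np->n_size - lbn * biosize;` in the same hunk multiplies `lbn * biosize` in the same way and should get the same treatment, along with a check that the result fits the type of `bufsize` before the `DEV_BSIZE` rounding is applied.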