From owner-freebsd-hackers  Tue Jan 23 20:58:00 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id UAA21616
          for hackers-outgoing; Tue, 23 Jan 1996 20:58:00 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id UAA21601
          for <freebsd-hackers@freebsd.org>; Tue, 23 Jan 1996 20:57:52 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id PAA31512; Wed, 24 Jan 1996 15:54:03 +1100
Date: Wed, 24 Jan 1996 15:54:03 +1100
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199601240454.PAA31512@godzilla.zeta.org.au>
To: m_tanaka@pa.yokogawa.co.jp, mpp@mpp.minn.net
Subject: Re: NFS trouble ?
Cc: freebsd-hackers@freebsd.org
Sender: owner-hackers@freebsd.org
Precedence: bulk

>Index: nfs_bio.c
>===================================================================
>RCS file: /usr/var/cvs/src/sys/nfs/nfs_bio.c,v
>retrieving revision 1.21
>diff -u -r1.21 nfs_bio.c
>--- nfs_bio.c	1995/12/17 21:12:13	1.21
>+++ nfs_bio.c	1996/01/23 20:03:38
>@@ -240,7 +240,8 @@
> 		 */
> again:
> 		bufsize = biosize;
>-		if ((lbn + 1) * biosize > np->n_size) {
>+		if ((lbn + 1) * biosize > np->n_size && 
>+		    (lbn + 1) * biosize - np->n_size < biosize) {
> 			bufsize = np->n_size - lbn * biosize;
> 			bufsize = (bufsize + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
> 		}
>-- 

I think the changed should be

>+		if ((off_t)(lbn + 1) * biosize > np->n_size) {

There are several other similar potentially overflowing multiplications is
nfs_bio.c.

Bruce