From owner-freebsd-hackers Wed Jan 24 09:33:07 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA07455 for hackers-outgoing; Wed, 24 Jan 1996 09:33:07 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA07438 for ; Wed, 24 Jan 1996 09:32:28 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id EAA29129; Thu, 25 Jan 1996 04:29:47 +1100
Date: Thu, 25 Jan 1996 04:29:47 +1100
From: Bruce Evans
Message-Id: <199601241729.EAA29129@godzilla.zeta.org.au>
To: bde@zeta.org.au, m_tanaka@pa.yokogawa.co.jp, mpp@mpp.minn.net
Subject: Re: NFS trouble ?
Cc: freebsd-hackers@freebsd.org
Sender: owner-hackers@freebsd.org
Precedence: bulk

>>Index: nfs_bio.c
>>===================================================================
>>RCS file: /usr/var/cvs/src/sys/nfs/nfs_bio.c,v
>>retrieving revision 1.21
>>diff -u -r1.21 nfs_bio.c
>>--- nfs_bio.c 1995/12/17 21:12:13 1.21
>>+++ nfs_bio.c 1996/01/23 20:03:38
>>@@ -240,7 +240,8 @@
>> */
>> again:
>> bufsize = biosize;
>>- if ((lbn + 1) * biosize > np->n_size) {
>>+ if ((lbn + 1) * biosize > np->n_size &&
>>+ (lbn + 1) * biosize - np->n_size < biosize) {
>> bufsize = np->n_size - lbn * biosize;
>> bufsize = (bufsize + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
>> }
>>--
>I think the change should be
>>+ if ((off_t)(lbn + 1) * biosize > np->n_size) {
>There are several other similar potentially overflowing multiplications in
>nfs_bio.c.

Oops, it needs your fix too, although it might be better for it to crash
than for it to attempt to copy a 1TB holey file to a 1TB non-holey file.
It will probably do something bad for one of the overflows.  There's
another one visible `(lbn * biosize)' and stupider ones a little later
`diff = np->n_size - uio->uio_offset;' where the LHS has type `int' and
the RHS has type u_quad_t (n_size has type u_quad_t and uio_offset has
type off_t which happens to be quad_t).  Support for >= 2GB files should
be disabled until all the overflows are fixed.

Bruce
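Review bot: the hunk at `@@ -240,7 +240,8 @@` keeps `(lbn + 1) * biosize` in int arithmetic on both the original comparison and the added `(lbn + 1) * biosize - np->n_size < biosize` clause, so once a file passes 2GB the product overflows before it is ever compared against the 64-bit `np->n_size`, and the new clause inherits the same problem. The widening suggested in the reply, `if ((off_t)(lbn + 1) * biosize > np->n_size &&`, should be applied to both lines, and the unchanged context line `bufsize = np->n_size - lbn * biosize;` has the same int product and needs the same cast, otherwise the hunk fixes the straddling-EOF case while leaving the overflow that makes the comparison meaningless.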
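The two defects Bruce describes, the int product `(lbn + 1) * biosize` overflowing past 2GB and the u_quad_t difference being stored into an `int`, are easy to reproduce in user space. The following is an added example written for this archive page, not code from the mail or from the FreeBSD nfs_bio.c; the `ex_off_t` / `ex_u_quad_t` typedefs stand in for the kernel's types as the mail describes them (int block numbers and block size, u_quad_t `n_size`, quad_t `uio_offset`), the 8K block size and 3GB file size are constructed values, and the overflow probe relies on the GCC/clang `__builtin_mul_overflow` intrinsic.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel types discussed in the mail (assumption: the
 * block number lbn and biosize are int, n_size is unsigned 64-bit,
 * uio_offset is signed 64-bit). */
typedef int64_t  ex_off_t;
typedef uint64_t ex_u_quad_t;

/* Pre-fix form: (lbn + 1) * biosize evaluated in int. Reports whether the
 * product no longer fits in int, which is the point where comparing it
 * against the 64-bit np->n_size stops meaning anything. */
static bool block_end_overflows_int(int lbn, int biosize)
{
    int product;
    return __builtin_mul_overflow(lbn + 1, biosize, &product);
}

/* The widened form proposed in the thread: cast to a 64-bit offset before
 * multiplying, then compare with the 64-bit file size. */
static bool block_end_past_eof(int lbn, int biosize, ex_u_quad_t n_size)
{
    ex_off_t end = (ex_off_t)(lbn + 1) * biosize;
    return (ex_u_quad_t)end > n_size;
}

/* `diff = np->n_size - uio->uio_offset;' with an int diff: the unsigned
 * 64-bit result is narrowed to int, dropping the high bits. On gcc/clang
 * the conversion reduces modulo 2^32, so a 3GB remainder comes out negative. */
static int remaining_bytes_truncated(ex_u_quad_t n_size, ex_off_t uio_offset)
{
    int diff = (int)(n_size - uio_offset);   /* same narrowing the kernel did implicitly */
    return diff;
}

/* The same difference kept in a 64-bit type. */
static ex_off_t remaining_bytes(ex_u_quad_t n_size, ex_off_t uio_offset)
{
    return (ex_off_t)(n_size - uio_offset);
}

int main(void)
{
    const int biosize = 8192;                         /* constructed: 8K NFS block size */
    const ex_u_quad_t n_size = (ex_u_quad_t)3 << 30;  /* constructed: 3GB file */

    /* Blocks around the 2GB boundary: 262143 * 8192 == 2^31, one past INT_MAX. */
    for (int lbn = 262142; lbn <= 262144; lbn++) {
        printf("lbn %d: int product %s, 64-bit compare says block ends %s EOF\n", lbn,
               block_end_overflows_int(lbn, biosize) ? "overflows" : "fits",
               block_end_past_eof(lbn, biosize, n_size) ? "past" : "before");
    }
    printf("bytes remaining from offset 0: as int %d, as 64-bit %lld\n",
           remaining_bytes_truncated(n_size, 0),
           (long long)remaining_bytes(n_size, 0));
    return 0;
}
```

Running it shows the int product already overflowing at block 262143 of an 8K-block file (exactly the 2GB mark), while the widened comparison correctly reports that block as lying before the end of a 3GB file, and it shows the 3GB remainder turning into a negative count the moment it is stored in an `int`.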