From owner-freebsd-hackers Wed Jan 24 10:05:31 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA08951 for hackers-outgoing; Wed, 24 Jan 1996 10:05:31 -0800 (PST)
Received: from mpp.minn.net (root@mpp.Minn.Net [204.157.201.242]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id KAA08939 for ; Wed, 24 Jan 1996 10:05:04 -0800 (PST)
Received: (from mpp@localhost) by mpp.minn.net (8.7.3/8.6.9) id MAA00892; Wed, 24 Jan 1996 12:04:31 -0600 (CST)
Message-Id: <199601241804.MAA00892@mpp.minn.net>
Subject: Re: NFS trouble ?
To: bde@zeta.org.au (Bruce Evans)
Date: Wed, 24 Jan 1996 12:04:31 -0600 (CST)
From: "Mike Pritchard"
Cc: bde@zeta.org.au, m_tanaka@pa.yokogawa.co.jp, freebsd-hackers@freebsd.org
In-Reply-To: <199601241729.EAA29129@godzilla.zeta.org.au> from "Bruce Evans" at Jan 25, 96 04:29:47 am
X-Mailer: ELM [version 2.4 PL25 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
Precedence: bulk

Bruce Evans wrote:
>
> >There are several other similar potentially overflowing multiplications in
> >nfs_bio.c.
>
> Oops, it needs your fix too, although it might be better for it to crash
> than for it to attempt to copy a 1TB holey file to a 1TB non-holey file.
> It will probably do something bad for one of the overflows. There's
> another one visible `(lbn * biosize)' and stupider ones a little later
> `diff = np->n_size - uio->uio_offset;' where the LHS has type `int' and
> the RHS has type u_quad_t (n_size has type u_quad_t and uio_offset has
> type off_t which happens to be quad_t). Support for >= 2GB files should
> be disabled until all the overflows are fixed.

I think I'll go ahead and commit my fix with the off_t casts you
mentioned earlier - dunno why I didn't put them in myself, I
remember noting that myself when I wrote the fix.

The fix is still needed even if support for files >= 2GB is
disabled, since you still need the extra check to prevent
the result of the following computation from under/overflowing.

As for the "diff = ..." stuff: then "diff" gets compared to other
variables that are type int and so on. You could get a major
headache from trying to clean this stuff up.
--
Mike Pritchard
mpp@minn.net
"Go that way. Really fast. If something gets in your way, turn"
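
The two expression shapes discussed in the message above, as an added C example that is not part of the original mail or the FreeBSD source: it shows what `(lbn * biosize)` and `diff = n_size - uio_offset` produce when held in a 32-bit int, next to the 64-bit forms. The fixed-width stand-in types, the function names, the sample sizes and the clamping helper are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel types named in the thread (assumed widths):
 * int -> int32_t, off_t/quad_t -> int64_t, u_quad_t -> uint64_t. */

/* `(lbn * biosize)` evaluated in 32 bits. The product is formed in
 * unsigned arithmetic so the wraparound is well defined here; the final
 * narrowing to int32_t is modular on gcc and clang. */
static int32_t block_offset_narrow(int32_t lbn, int32_t biosize)
{
    return (int32_t)((uint32_t)lbn * (uint32_t)biosize);
}

/* The same expression with an off_t-style cast applied before multiplying. */
static int64_t block_offset_wide(int32_t lbn, int32_t biosize)
{
    return (int64_t)lbn * biosize;
}

/* `diff = np->n_size - uio->uio_offset;` stored in an int: only the low
 * 32 bits of the 64-bit difference survive. */
static int32_t diff_narrow(uint64_t n_size, int64_t uio_offset)
{
    return (int32_t)(uint32_t)(n_size - (uint64_t)uio_offset);
}

/* Hypothetical repair: compare in 64 bits, then clamp to the int-sized
 * request so later int comparisons see a value that is in range. */
static int32_t diff_clamped(uint64_t n_size, int64_t uio_offset, int32_t want)
{
    if (want <= 0 || uio_offset < 0 || (uint64_t)uio_offset >= n_size)
        return 0;
    uint64_t left = n_size - (uint64_t)uio_offset;
    return left < (uint64_t)want ? (int32_t)left : want;
}

int main(void)
{
    const uint64_t GiB = 1ULL << 30;   /* constructed sample sizes */
    printf("narrow offset: %d\n", block_offset_narrow(300000, 8192));
    printf("wide offset:   %lld\n", (long long)block_offset_wide(300000, 8192));
    printf("narrow diff 3GiB@0:    %d\n", diff_narrow(3 * GiB, 0));
    printf("narrow diff 5GiB@1GiB: %d\n", diff_narrow(5 * GiB, (int64_t)GiB));
    printf("clamped diff:          %d\n", diff_clamped(5 * GiB, (int64_t)GiB, 8192));
    return 0;
}
```

With these sample values the narrow block offset comes out negative, and the narrow `diff` is either negative or exactly zero even though gigabytes of the file remain, which is why every later comparison against an int inherits the problem.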