Date: Sat, 4 Aug 2001 12:59:56 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Mike Barcroft <mike@FreeBSD.org>
Cc: <audit@FreeBSD.org>
Subject: Re: cmp(1) warns patch
Message-ID: <20010804124551.S16377-100000@besplex.bde.org>
In-Reply-To: <20010803213745.A4390@coffee.q9media.com>

On Fri, 3 Aug 2001, Mike Barcroft wrote:

> I'd appreciate comments on the following patch. If there are no
> objections, I'd like to commit this shortly.
> ...
> Index: cmp/regular.c
> ===================================================================
> RCS file: /home/ncvs/src/usr.bin/cmp/regular.c,v
> retrieving revision 1.10
> diff -u -r1.10 regular.c
> --- cmp/regular.c 2000/06/20 20:28:40 1.10
> +++ cmp/regular.c 2001/08/04 01:02:33
> ...
> @@ -81,7 +81,7 @@
> off2 = ROUNDPAGE(skip2);
>
> length = MIN(len1, len2);
> - if (length > SIZE_T_MAX)
> + if (length > (off_t)SIZE_T_MAX)

This is broken on many machines, including alphas. On alphas,
(off_t)SIZE_MAX overflows to -1, so `length' is always larger and the
pessimized cspecial() method is always used. Casting the left hand
side to the type of the right hand side would be even more broken.
Without any casts, `length' and SIZE_T_MAX were promoted to a common
type and there was no problem unless length < 0 (which can't happen).

> return (c_special(fd1, file1, skip1, fd2, file2, skip2));
>
> if ((p1 = (u_char *)mmap(NULL, (size_t)len1 + skip1 % pagesize,

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
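
Review bot: in the added line "if (length > (off_t)SIZE_T_MAX)", the cast converts the unsigned limit to signed off_t, which changes its value wherever off_t cannot represent SIZE_T_MAX; the comparison is then true for every non-negative length and the c_special() return is always taken. Drop the cast and let the usual arithmetic conversions choose the common type, or, if the aim is to quiet a signed/unsigned comparison warning, compare in an unsigned type at least as wide as both operands and add a comment saying why length cannot be negative at this point.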
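
The conversion behaviour discussed in the reply, as an added example that is not part of the original message or of FreeBSD's cmp source. The fixed-width types, macro names and function names are assumptions chosen so that both the 64-bit and 32-bit size_t cases can be run on one host.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins so both data models run on any host: off_t is int64_t,
 * size_t is uint64_t (alpha-like) or uint32_t (i386-like). */
typedef int64_t model_off_t;
#define SIZE_MAX_64 UINT64_MAX
#define SIZE_MAX_32 UINT32_MAX

/* Every function returns 1 when the check would pick the c_special() path. */

/* Patched check, 64-bit size_t: the limit is converted to -1 before comparing
 * (implementation-defined conversion; wraps on common compilers). */
int cast_rhs_64(model_off_t length)
{
    return length > (model_off_t)SIZE_MAX_64;
}

/* Patched check, 32-bit size_t: the limit fits in off_t, so this one works. */
int cast_rhs_32(model_off_t length)
{
    return length > (model_off_t)SIZE_MAX_32;
}

/* Left side cast to a 32-bit size_t instead: high bits are discarded. */
int cast_lhs_32(model_off_t length)
{
    return (uint32_t)length > SIZE_MAX_32;
}

/* Value-preserving form: rule out negatives, then compare as wide unsigned. */
int wide_compare(model_off_t length, uint64_t size_max)
{
    return length >= 0 && (uint64_t)length > size_max;
}

int main(void)
{
    const model_off_t samples[] = { 4096, (model_off_t)5 << 30 }; /* constructed */
    for (int i = 0; i < 2; i++) {
        model_off_t n = samples[i];
        printf("len=%lld rhs64=%d rhs32=%d lhs32=%d wide64=%d wide32=%d\n",
            (long long)n, cast_rhs_64(n), cast_rhs_32(n), cast_lhs_32(n),
            wide_compare(n, SIZE_MAX_64), wide_compare(n, SIZE_MAX_32));
    }
    return 0;
}
```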