From owner-freebsd-bugs Tue Jan 28 23:40: 6 2003 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE9D037B401 for ; Tue, 28 Jan 2003 23:40:03 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9185443F93 for ; Tue, 28 Jan 2003 23:40:02 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h0T7e2NS023365 for ; Tue, 28 Jan 2003 23:40:02 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h0T7e2Q7023364; Tue, 28 Jan 2003 23:40:02 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 096EC37B401 for ; Tue, 28 Jan 2003 23:33:24 -0800 (PST) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19D6543F43 for ; Tue, 28 Jan 2003 23:33:23 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.6/8.12.6) with ESMTP id h0T7XMZE005718 for ; Wed, 29 Jan 2003 08:33:22 +0100 (CET) (envelope-from phk@critter.freebsd.dk) Received: (from phk@localhost) by critter.freebsd.dk (8.12.6/8.12.6/Submit) id h0T7XLOl005717; Wed, 29 Jan 2003 08:33:21 +0100 (CET) Message-Id: <200301290733.h0T7XLOl005717@critter.freebsd.dk> Date: Wed, 29 Jan 2003 08:33:21 +0100 (CET) From: Poul-Henning Kamp Reply-To: Poul-Henning Kamp To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/47625: Fatal Signed/Unsigned mistake in sysv_sem.c Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 47625 >Category: kern >Synopsis: Fatal Signed/Unsigned mistake in sysv_sem.c >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 28 23:40:02 PST 2003 >Closed-Date: >Last-Modified: >Originator: Poul-Henning Kamp >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD critter.freebsd.dk 5.0-CURRENT FreeBSD 5.0-CURRENT #11: Thu Jan 16 19:45:34 CET 2003 root@critter.freebsd.dk:/freebsd/src/sys/i386/compile/CRITTER i386 >Description: Undo Rollback in sysv_sem.c bórked. 'j' is a size_t which is unsigned. Unsigned is always >= 0. /* * Oh-Oh! We ran out of either sem_undo's or undo's. * Rollback the adjustments to this point and then * rollback the semaphore ups and down so we can return * with an error with all structures restored. We * rollback the undo's in the exact reverse order that * we applied them. This guarantees that we won't run * out of space as we roll things back out. */ for (j = i - 1; j >= 0; j--) { if ((sops[j].sem_flg & SEM_UNDO) == 0) continue; adjval = sops[j].sem_op; if (adjval == 0) continue; if (semundo_adjust(td, &suptr, semid, sops[j].sem_num, adjval) != 0) panic("semop - can't undo undos"); } >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message