From: "John W. DeBoskey"
Message-Id: <199909190306.XAA32894@bb01f39.unx.sas.com>
Subject: Re: seek to negative offset? kern/6184
In-Reply-To: From Vadim Kolontsov at "Aug 31, 1999 12: 6:11 pm"
To: vadim@tversu.ru (Vadim Kolontsov)
Date: Sat, 18 Sep 1999 23:06:03 -0400 (EDT)
Cc: freebsd-hackers@freebsd.org, phk@freebsd.org, des@freebsd.org, jkoshy@freebsd.org

Hi,

I've been running the following patch (which uses discrete tests vs a common temp off_t variable). Would someone please consider committing either this patch or the one given in the pr? It doesn't really matter to me, but I would like to see this bug put to rest.

Comments welcome!

Thanks,
John

ps: The following patch differs from the one given in the pr for the simple reason that I don't like making assumptions about overflow handling during math operations. In the patch below, L_XTND no longer depends on overflow assumptions, but L_INCR still does. L_INCR really needs to be something like:

    if ((MAXFILESIZE - fp->f_offset) < SCARG(uap, offset))
        return (EINVAL);

but, I am not aware of a MAXFILESIZE definition unless I try to construct one using operations based on the sizeof() an off_t. Comments?

patch by dagill@sas.com

Index: vfs_syscalls.c =================================================================== RCS file: /mirror/ncvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.135 diff -u -r1.135 vfs_syscalls.c --- vfs_syscalls.c 1999/09/11 00:45:58 1.135 +++ vfs_syscalls.c 1999/09/19 02:48:59 
@@ -1433,15 +1433,22 @@ return (ESPIPE); switch (SCARG(uap, whence)) { case L_INCR: + if ((fp->f_offset + SCARG(uap, offset)) < 0) + return (EINVAL); fp->f_offset += SCARG(uap, offset); break; case L_XTND: error=VOP_GETATTR((struct vnode *)fp->f_data, &vattr, cred, p); if (error) return (error); + if ((SCARG(uap, offset) < 0) && + ((-SCARG(uap, offset)) > vattr.va_size)) + return (EINVAL); fp->f_offset = SCARG(uap, offset) + vattr.va_size; break; case L_SET: + if (SCARG(uap, offset) < 0) + return (EINVAL); fp->f_offset = SCARG(uap, offset); break; default:

> On Tue, Aug 24, 1999 at 04:25:26PM -0400, John W. DeBoskey wrote:
>
> > The subject says it all... We have some code that scans files
> > backwards...
> >
> > In looking through /usr/src/sys/kern/vfs_syscalls.c I can't see
> > where we do any validation on the resulting seek location... Do the
> > appropriate folks think this is a bug? How about posix? Should I
> > go ahead and submit a pr with a patch?
>
> I've just discovered kern/6184 (from Mar 1998, state: open). Seems like
> patch which fixes it was never committed.
>
> V.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
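
Review bot: the L_INCR test `(fp->f_offset + SCARG(uap, offset)) < 0` performs the addition before checking it, so a large positive offset is only rejected if the signed sum happens to wrap negative, which C does not guarantee; test the operands before adding, along the lines of the MAXFILESIZE comparison proposed in the message. In the L_XTND case the new check covers only negative offsets, so a large positive offset added to vattr.va_size can still produce an out-of-range f_offset, and `-SCARG(uap, offset)` is itself not representable when offset is the most negative value; compare against vattr.va_size without negating. The L_SET check looks right as written.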
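
An overflow-free form of the three checks discussed in the ps above, as an added user-space example that is not part of the original message or the FreeBSD source. It assumes off_t can be modelled as int64_t with INT64_MAX as the maximum offset (standing in for the missing MAXFILESIZE) and an unsigned file size; the names X_SET/X_INCR/X_XTND, add_offset and seek_target are hypothetical.

```c
#include <errno.h>
#include <stdint.h>

/* Hypothetical stand-ins for L_SET / L_INCR / L_XTND. */
enum { X_SET, X_INCR, X_XTND };

/*
 * Add a signed delta to a non-negative base without evaluating any
 * expression that can overflow.  Stores the sum and returns 0, or returns
 * EINVAL if the result would be negative or above INT64_MAX (assumed max).
 */
static int
add_offset(int64_t base, int64_t delta, int64_t *out)
{
	if (base < 0)
		return (EINVAL);
	if (delta >= 0 && delta > INT64_MAX - base)
		return (EINVAL);	/* sum would exceed the maximum */
	if (delta < 0 && delta < -base)
		return (EINVAL);	/* sum would be negative; -base is safe */
	*out = base + delta;
	return (0);
}

/* cur: current offset; size: file size (assumed unsigned); off: request. */
int
seek_target(int64_t cur, uint64_t size, int64_t off, int whence, int64_t *out)
{
	switch (whence) {
	case X_SET:
		return (add_offset(0, off, out));
	case X_INCR:
		return (add_offset(cur, off, out));
	case X_XTND:
		if (size > (uint64_t)INT64_MAX)
			return (EINVAL);	/* size itself is out of range */
		return (add_offset((int64_t)size, off, out));
	default:
		return (EINVAL);
	}
}

int
main(void)
{
	int64_t r;
	/* Constructed case: seeking 11 bytes back from offset 10 fails. */
	return (seek_target(10, 100, -11, X_INCR, &r) == EINVAL ? 0 : 1);
}
```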