Date:      Wed, 24 Jan 1996 12:04:31 -0600 (CST)
From:      "Mike Pritchard" <mpp@mpp.minn.net>
To:        bde@zeta.org.au (Bruce Evans)
Cc:        bde@zeta.org.au, m_tanaka@pa.yokogawa.co.jp, freebsd-hackers@freebsd.org
Subject:   Re: NFS trouble ?
Message-ID:  <199601241804.MAA00892@mpp.minn.net>
In-Reply-To: <199601241729.EAA29129@godzilla.zeta.org.au> from "Bruce Evans" at Jan 25, 96 04:29:47 am

Bruce Evans wrote:
> 
> >There are several other similar potentially overflowing multiplications in
> >nfs_bio.c.
> 
> Oops, it needs your fix too, although it might be better for it to crash
> than for it to attempt to copy a 1TB holey file to a 1TB non-holey file.
> It will probably do something bad for one of the overflows.  There's
> another one visible `(lbn * biosize)' and stupider ones a little later
> `diff = np->n_size - uio->uio_offset;' where the LHS has type `int' and
> the RHS has type u_quad_t (n_size has type u_quad_t and uio_offset has
> type off_t which happens to be quad_t).  Support for >= 2GB files should
> be disabled until all the overflows are fixed.

I think I'll go ahead and commit my fix with the off_t casts you mentioned
earlier - dunno why I didn't put them in myself, I remember noting
that myself when I wrote the fix.  The fix is still needed even if
support for files >= 2GB is disabled, since you still need the extra
check to prevent the result of the following computation from 
under/overflowing.

As for the "diff = ..." stuff:  then "diff" gets compared to other
variables that are type int and so on.  You could get a major headache
from trying to clean this stuff up.
-- 
Mike Pritchard
mpp@minn.net
"Go that way.  Really fast.  If something gets in your way, turn"
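
Added example (not part of the original message, and neither the FreeBSD nfs_bio.c code nor the committed fix): a user-space C sketch of the two patterns discussed above, `(lbn * biosize)` computed in 32 bits and `diff = np->n_size - uio->uio_offset` stored in an `int`, each next to a widened or checked form. Function names and sample values are constructed; the clamp is one possible check, assumed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* `(lbn * biosize)` with both operands 32-bit. Unsigned arithmetic is used
 * so the wrap is well defined here; the conversion back to int32_t is the
 * usual two's-complement wrap on gcc/clang. */
static int32_t block_offset_narrow(int32_t lbn, int32_t biosize)
{
    return (int32_t)((uint32_t)lbn * (uint32_t)biosize);
}

/* Same product with one operand widened first (the off_t-style cast). */
static int64_t block_offset_wide(int32_t lbn, int32_t biosize)
{
    return (int64_t)lbn * biosize;
}

/* `diff = n_size - uio_offset` assigned to an int: the 64-bit difference
 * is silently truncated to its low 32 bits. */
static int32_t remaining_narrow(uint64_t n_size, int64_t uio_offset)
{
    return (int32_t)(uint32_t)(n_size - (uint64_t)uio_offset);
}

/* Checked form (assumed approach): compare in 64 bits, return 0 at or past
 * EOF, and clamp to INT32_MAX so int-typed callers never see a wrapped value. */
static int32_t remaining_clamped(uint64_t n_size, int64_t uio_offset)
{
    if (uio_offset < 0 || (uint64_t)uio_offset >= n_size)
        return 0;
    uint64_t diff = n_size - (uint64_t)uio_offset;
    return diff > INT32_MAX ? INT32_MAX : (int32_t)diff;
}

int main(void)
{
    /* Constructed values: block 262144 of 8192-byte blocks sits at 2 GiB. */
    printf("offset narrow=%d wide=%lld\n",
           block_offset_narrow(262144, 8192),
           (long long)block_offset_wide(262144, 8192));
    /* Constructed values: a file of 4 GiB + 100 bytes read from offset 0. */
    printf("remaining narrow=%d clamped=%d\n",
           remaining_narrow(4294967396ULL, 0),
           remaining_clamped(4294967396ULL, 0));
    return 0;
}
```
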


