From owner-freebsd-bugs  Thu May  2 16:30: 9 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7C7BE37B416
	for <freebsd-bugs@hub.freebsd.org>; Thu,  2 May 2002 16:30:03 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g42NU3s37620;
	Thu, 2 May 2002 16:30:03 -0700 (PDT)
	(envelope-from gnats)
Date: Thu, 2 May 2002 16:30:03 -0700 (PDT)
Message-Id: <200205022330.g42NU3s37620@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Bruce Evans <bde@zeta.org.au>
Subject: Re: kern/37677: off by 1 in $FreeBSD: src/sys/kern/subr_diskslice.c,v
 1.82.2.6
Reply-To: Bruce Evans <bde@zeta.org.au>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR kern/37677; it has been noted by GNATS.

From: Bruce Evans <bde@zeta.org.au>
To: Scott Bertilson <scott@nts.umn.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/37677: off by 1 in $FreeBSD: src/sys/kern/subr_diskslice.c,v
 1.82.2.6
Date: Fri, 3 May 2002 09:26:37 +1000 (EST)

 On Thu, 2 May 2002, Scott Bertilson wrote:
 
 > >Description:
 > 	line 916:
 > 	|| pp->p_offset + pp->p_size > end
 > 	offset + size should always be 1 more than end
 
 No; p_offset + p_size is the sector after the last one in the partition, and
 it must be <= 'end' (which is the sector after the last one in the slice).
 The above checks the negation of `(pp->p_offset + pp->p_size) <= end'.
 
 > >How-To-Repeat:
 > 	ran into this while trying to get a drive with OpenBSD partitions to mount
 
 This seems to be a bug in the configuration of the OpenBSD partitions.
 
 > >Fix:
 >
 > 	|| (pp->p_offset + pp->p_size - 1) > end
 > 	as at line 948
 > 	(u_long)(pp->p_offset + pp->p_size - 1),
 
 No; this would introduce an off-by-1 error; it would permit partitions
 to extend 1 beyond the end of the slice.
 
 Line 948 is at best confusing.  It really prints the sector number of
 the last sector but calls it the end sector.  But internally, the "end"
 sector is always the one after the last.  Line 948 is just wrong for
 empty partitions.  The "end" (really last) sector is then one before
 the start.  E.g., start = 0, "end" = 4294967295.
 
 Bruce
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message