Date: Wed, 24 Jan 1996 12:04:31 -0600 (CST)
From: "Mike Pritchard" <mpp@mpp.minn.net>
To: bde@zeta.org.au (Bruce Evans)
Cc: bde@zeta.org.au, m_tanaka@pa.yokogawa.co.jp, freebsd-hackers@freebsd.org
Subject: Re: NFS trouble ?
Message-ID: <199601241804.MAA00892@mpp.minn.net>
In-Reply-To: <199601241729.EAA29129@godzilla.zeta.org.au> from "Bruce Evans" at Jan 25, 96 04:29:47 am

Bruce Evans wrote:
>
> >There are several other similar potentially overflowing multiplications in
> >nfs_bio.c.
>
> Oops, it needs your fix too, although it might be better for it to crash
> than for it to attempt to copy a 1TB holey file to a 1TB non-holey file.
> It will probably do something bad for one of the overflows. There's
> another one visible `(lbn * biosize)' and stupider ones a little later
> `diff = np->n_size - uio->uio_offset;' where the LHS has type `int' and
> the RHS has type u_quad_t (n_size has type u_quad_t and uio_offset has
> type off_t which happens to be quad_t). Support for >= 2GB files should
> be disabled until all the overflows are fixed.

I think I'll go ahead and commit my fix with the off_t casts you
mentioned earlier - dunno why I didn't put them in myself, I
remember noting that myself when I wrote the fix. The fix
is still needed even if support for files >= 2GB is disabled, since
you still need the extra check to prevent the result of the
following computation from under/overflowing.

As for the "diff = ..." stuff: then "diff" gets compared to
other variables that are type int and so on. You could get a major
headache from trying to clean this stuff up.
--
Mike Pritchard
mpp@minn.net
"Go that way. Really fast. If something gets in your way, turn"
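
The two patterns named in this message, `(lbn * biosize)` and `diff = np->n_size - uio->uio_offset`, shown as an added example; it is not code from the thread, from nfs_bio.c, or the fix that was committed. It assumes int32_t for the 32-bit `int`, int64_t for off_t and uint64_t for u_quad_t; every function name and sample value is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins: int32_t for the era's 32-bit int, int64_t for off_t,
 * uint64_t for u_quad_t. All function names here are hypothetical. */

/* lbn * biosize done at 32-bit width, then widened: the wrap has already
 * happened. Unsigned math is used so the wrap is well defined in C. */
static int64_t offset_narrow(int32_t lbn, int32_t biosize)
{
    return (int64_t)(int32_t)((uint32_t)lbn * (uint32_t)biosize);
}

/* Same product with one operand widened first, as an off_t cast does. */
static int64_t offset_wide(int32_t lbn, int32_t biosize)
{
    return (int64_t)lbn * biosize;
}

/* diff = n_size - uio_offset stored in a 32-bit int: high bits are lost. */
static int32_t diff_truncated(uint64_t n_size, int64_t uio_offset)
{
    return (int32_t)(uint32_t)(n_size - (uint64_t)uio_offset);
}

/* One way to keep an int-sized result meaningful: compare at 64 bits
 * and clamp, so callers that use int still see a sane value. */
static int32_t diff_clamped(uint64_t n_size, int64_t uio_offset)
{
    if (uio_offset < 0 || (uint64_t)uio_offset >= n_size)
        return 0;                       /* at or past end of file */
    uint64_t left = n_size - (uint64_t)uio_offset;
    return left > INT32_MAX ? INT32_MAX : (int32_t)left;
}

int main(void)
{
    uint64_t three_gb = 3ULL << 30;     /* constructed sample size */
    printf("narrow: %lld\n", (long long)offset_narrow(262144, 8192));
    printf("wide:   %lld\n", (long long)offset_wide(262144, 8192));
    printf("diff truncated: %d\n", (int)diff_truncated(three_gb, 0));
    printf("diff clamped:   %d\n", (int)diff_clamped(three_gb, 0));
    return 0;
}
```

With an 8192-byte block size, block 262144 is the first whose byte offset reaches 2GB, which is where the narrow product turns negative.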