Date:      Mon, 11 Sep 2000 08:47:41 -0700 (PDT)
From:      bob@immure.com
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/21204: bit_ffc and bit_ffs macros in bitstring.h test 1 byte too many.
Message-ID:  <20000911154741.607AF37B423@hub.freebsd.org>

>Number:         21204
>Category:       misc
>Synopsis:       bit_ffc and bit_ffs macros in bitstring.h test 1 byte too many.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 11 08:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Bob Willcox
>Release:        4.0-stable
>Organization:
VIEO, Inc
>Environment:
FreeBSD sebulba.pmr.com 4.0-STABLE FreeBSD 4.0-STABLE #365: Sat Sep  9 08:55:18 CDT 2000     bob@sebulba.pmr.com:/usr/src/sys/compile/GPXTEST  i386

>Description:
The bit_ffc and bit_ffs macros both contain a for loop where they check
their loop ctr variable (_byte) for <= to the end value (_stopbyte).
Unfortunately, _stopbyte is preloaded to the number of bytes in the
bit string, not the last valid index value.  Consequently these macros
both process one too many bytes.
>How-To-Repeat:
Set all of the bits in the string and execute bit_ffc.  You will observe
that it returns the index of _stopbyte (which is beyond the string).
You can also try this with an all clear bitstring and use bit_ffs.
I haven't actually tried this, since I discovered the bug when using 
bit_ffc, but the loop conditions are identical in it so the bug no
doubt exists there as well.

>Fix:
Here is a patch that I installed that works for me:

--- /usr/include/bitstring.h    Mon Feb 21 08:13:54 2000
+++ gpxbitstring.h      Sat Sep  9 08:44:25 2000
@@ -115,7 +115,7 @@
        register bitstr_t *_name = name; \
        register int _byte, _nbits = nbits; \
        register int _stopbyte = _bit_byte(_nbits), _value = -1; \
-       for (_byte = 0; _byte <= _stopbyte; ++_byte) \
+       for (_byte = 0; _byte < _stopbyte; ++_byte) \
                if (_name[_byte] != 0xff) { \
                        _value = _byte << 3; \
                        for (_stopbyte = _name[_byte]; (_stopbyte&0x1); \
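Review bot: the new bound "_byte < _stopbyte" on the changed for line skips the final byte whenever nbits is not a multiple of 8. _stopbyte is initialised from _bit_byte(_nbits); if _bit_byte is a right shift by 3, as the matching "_byte << 3" suggests, then nbits = 10 gives _stopbyte = 1 and only byte 0 is scanned, so a clear bit at index 8 or 9 is never reported. Consider keeping "<=" and initialising _stopbyte from the last valid bit, _bit_byte(_nbits - 1), with a guard for nbits <= 0, so that both the multiple-of-8 case from the report and the partial-byte case are covered.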
@@ -130,7 +130,7 @@
        register bitstr_t *_name = name; \
        register int _byte, _nbits = nbits; \
        register int _stopbyte = _bit_byte(_nbits), _value = -1; \
-       for (_byte = 0; _byte <= _stopbyte; ++_byte) \
+       for (_byte = 0; _byte < _stopbyte; ++_byte) \
                if (_name[_byte]) { \
                        _value = _byte << 3; \
                        for (_stopbyte = _name[_byte]; !(_stopbyte&0x1); \
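Review bot: this loop gets the same "_byte < _stopbyte" bound without having been exercised (the report says the bit_ffs case was not tried), and with it a set bit in a final partial byte is missed when nbits is not a multiple of 8. Nothing in these lines compares the result with _nbits either, so if the last byte is scanned, bits past nbits in that byte can be returned as a hit; a final check that maps _value >= _nbits to -1 would close that. The inner for also reuses _stopbyte as scratch for the byte value, which a separate temporary would make easier to read.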


>Release-Note:
>Audit-Trail:
>Unformatted:
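
The off-by-one described in this report, modelled as an added example (not code from the report or from bitstring.h). ffc_model, struct scan, the sample arrays and the LAST_BIT bound are hypothetical names and assumptions of this example, and _bit_byte(n) is assumed to be n >> 3. It runs the original bound, the patched bound and a bound taken from the last valid bit over constructed bitstrings of 16 and 10 bits.

```c
#include <stdio.h>

typedef unsigned char bitstr_t;
/* Loop bounds compared: the header's original (<=), the report's patch (<),
 * and a bound taken from the last valid bit (an assumption of this example). */
enum bound { ORIGINAL, PATCHED, LAST_BIT };
/* value: first clear bit or -1; last_read: highest byte index examined. */
struct scan { int value; int last_read; };

/* Constructed inputs: two-byte bitstrings plus a guard byte [2] standing in
 * for whatever memory follows the string. */
static const bitstr_t full16[3]  = { 0xff, 0xff, 0x00 }; /* 16 bits, all set */
static const bitstr_t bit9clr[3] = { 0xff, 0x01, 0x00 }; /* 10 bits, bit 9 clear */
static const bitstr_t full10[3]  = { 0xff, 0x03, 0x00 }; /* 10 bits, all set */

/* Model of bit_ffc, assuming _bit_byte(n) is n >> 3. */
static struct scan ffc_model(const bitstr_t *name, int nbits, enum bound b)
{
    struct scan s = { -1, -1 };
    int stop, byte;
    unsigned v;
    if (b == LAST_BIT && nbits <= 0)
        return s;
    stop = (b == LAST_BIT) ? (nbits - 1) >> 3 : nbits >> 3;
    for (byte = 0; (b == PATCHED) ? (byte < stop) : (byte <= stop); ++byte) {
        s.last_read = byte;
        if (name[byte] != 0xff) {
            s.value = byte << 3;
            for (v = name[byte]; v & 0x1; ++s.value, v >>= 1)
                ;
            break;
        }
    }
    if (b == LAST_BIT && s.value >= nbits)
        s.value = -1; /* the only clear bit was padding past nbits */
    return s;
}

int main(void)
{
    static const char *label[] = { "original", "patched", "last-bit" };
    int b;
    for (b = ORIGINAL; b <= LAST_BIT; ++b)
        printf("%-8s 16 set: %2d (last byte %d)  10, bit 9 clear: %2d  10 set: %2d\n",
               label[b], ffc_model(full16, 16, (enum bound)b).value,
               ffc_model(full16, 16, (enum bound)b).last_read,
               ffc_model(bit9clr, 10, (enum bound)b).value,
               ffc_model(full10, 10, (enum bound)b).value);
    return 0;
}
```

With the original bound the 16-bit case reads the guard byte and returns 16; with the patched bound the clear bit 9 of the 10-bit string goes unreported.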