Date: Thu, 27 Jun 2013 13:52:01 +1000
From: Matthew Fernandez <matthew.fernandez@...ta.com.au>
To: <musl@...ts.openwall.com>
Subject: Use of size_t and ssize_t in mseek

Hi all,

My question refers to the latest git commit at time of writing,
b17c75a4d539d7ec5b81cc7ce7ce6b065a87e7a6. My issue was encountered on
ARM, but it applies to most 32-bit platforms.

The function mseek() accesses a size_t variable, c->size, and casts this
to a ssize_t. I know there aren't strong standards on what to expect
from ssize_t, but the Musl C constants SIZE_MAX (== UINT32_MAX) and
SSIZE_MAX (== LONG_MAX) seem to imply that you would be wise to assume
ssize_t is signed and the same width as size_t.

As a result, the cast I mentioned produces some unexpected results when
operating on a file of size greater than SSIZE_MAX. In my case I had an
in-memory file of size SIZE_MAX and was surprised to find I couldn't
fseek this file.

Is the code in mseek() correct? If so, I would recommend failing
fmemopen() when the requested size is greater than SSIZE_MAX. OTOH
perhaps I'm misunderstanding something more subtle here. If so, please
correct me.

Thanks,
Matthew

[It is perhaps worth noting that, yes, a UINT32_MAX-sized in-memory file
on a 32-bit platform is a bit odd. In my case I don't know how big the
file is until I've read its header. You could object that this is
unwise, but either way I believe fmemopen/mseek should handle this case.]
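
The following is an added illustration, not part of the original message and not musl's source: a model of the signed cast the post describes, next to a check done in a wider type and the open-time rejection the post suggests. The fixed-width types stand in for a 32-bit target's size_t, ssize_t and off_t, and the names memfile, seek_cast, seek_wide, open_checked and W_SET/W_CUR/W_END are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit target so the effect shows on any host:
   size_t -> uint32_t, ssize_t -> int32_t, off_t -> int64_t (assumptions). */
struct memfile { uint32_t pos, size; };  /* hypothetical stream state */

enum { W_SET, W_CUR, W_END };            /* stand-ins for SEEK_SET/CUR/END */

static int64_t base_of(const struct memfile *c, int whence) {
    return whence == W_SET ? 0 : whence == W_CUR ? c->pos : c->size;
}

/* Signed-cast pattern from the post: size is narrowed to the signed type
   before the bounds check. A size above INT32_MAX turns negative
   (two's-complement conversion, as on GCC and Clang). */
int64_t seek_cast(struct memfile *c, int64_t off, int whence) {
    if ((unsigned)whence > 2U) return -1;
    int32_t base = (int32_t)(uint32_t)base_of(c, whence);
    if (off < -(int64_t)base || off > (int64_t)(int32_t)c->size - base)
        return -1;
    return c->pos = (uint32_t)(base + off);
}

/* Same check done in the 64-bit offset type, never narrowing the size. */
int64_t seek_wide(struct memfile *c, int64_t off, int whence) {
    if ((unsigned)whence > 2U) return -1;
    int64_t base = base_of(c, whence);
    if (off < -base || off > (int64_t)c->size - base) return -1;
    return c->pos = (uint32_t)(base + off);
}

/* The alternative the post suggests: refuse oversized buffers at open. */
int open_checked(struct memfile *c, uint32_t size) {
    if (size > (uint32_t)INT32_MAX) return -1;
    c->pos = 0; c->size = size;
    return 0;
}

int main(void) {
    struct memfile a = {0, UINT32_MAX}, b = {0, UINT32_MAX};
    printf("cast: %lld  wide: %lld\n",
           (long long)seek_cast(&a, 16, W_SET),
           (long long)seek_wide(&b, 16, W_SET));
    return 0;
}
```

With size set to UINT32_MAX, the cast variant rejects every offset, including 0 from the start, while the wide variant accepts the full range.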
