Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Jun 2013 00:13:16 -0400
From: Rich Felker <>
Subject: Re: Use of size_t and ssize_t in mseek

On Fri, Jun 28, 2013 at 11:56:15AM +1000, Matthew Fernandez wrote:
> >>>Alternatively, I could adjust the arithmetic to just avoid working
> >>>with signed values, and perhaps make it more obvious what it's doing
> >>>in the process.
> >>
> >>I would also be happy with this solution. The code in mseek could
> >>definitely be clearer. Not that I don't enjoy switch statements written
> >>as offsets into stack structs and reverse jumps ;)
> >
> >Yes, I think this is probably the best solution, even if it makes the
> >function a few bytes larger. The code should be more clear.
> Thanks, Rich. I appreciate you taking the time to consider this issue.
> Apologies that it seems to have steamrolled into all the ways of
> constructing invalid objects and possibly bored everyone else on this
> list :)

Looking at the code to "fix" it now, I ran into a problem. :-)

If size_t is 64-bit, there is fundamentally no way a memory buffer (or
disk file) larger than SSIZE_MAX can be accessed, since off_t cannot
store the position in the file. I noticed this as soon as I went to

	case SEEK_SET:
		if (off < 0 || off > c->size) goto fail;

I could still salvage the 32-bit case by simply leaving the code alone
except for changing base to off_t, but I'm starting to remember why I
thought it was bogus to even consider allowing object sizes greater
than the signed size max...

Not sure what the best way to proceed is.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.