mailing list of musl libc
From: Rich Felker <dalias@aerifal.cx>
To: musl@lists.openwall.com
Subject: Re: Use of size_t and ssize_t in mseek
Date: Thu, 27 Jun 2013 11:05:48 -0400
Message-ID: <20130627150548.GY29800@brightrain.aerifal.cx>
In-Reply-To: <20130627103521.GG15323@port70.net>

On Thu, Jun 27, 2013 at 12:35:22PM +0200, Szabolcs Nagy wrote:
> * Rich Felker <dalias@aerifal.cx> [2013-06-27 00:23:14 -0400]:
> > some reasonable error, but I still want to find and fix any remaining
> > places where objects larger than PTRDIFF_MAX could come into existence
> > since they affect other code too, and once those are fixed, the check
> > in fmemopen would be obsolete.
> > 
> > As far as I can tell, mmap and maybe shmat are the only functions that
> > might be able to make such large objects. Do you know any others?
> 
> void *p=sbrk(1<<30); sbrk(1<<30);

Using sbrk alongside anything else in the standard library invokes
horrible UB, so I don't really care about sbrk.

> or
> 
> int main() { char a[1U<<31]; }
> 
> it seems compilers don't like objects >=2G size either
> (is there a constraint for this in the standard?
> gcc even fails if the sum of the local objects are >=2G,
> but tcc, pcc generates code in that case)

There's not a constraint, but the compiler is providing a low quality
of implementation if it allows them, since its ptrdiff_t is too small
to work with them.

> i assume isoc would not allow this but you can concatenate
> address ranges:
> 
> char *p,*q;
> q = mmap(0, 1<<30, prot, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
> p = mmap(q-(1<<30), 1<<30, prot, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
> if (p && q && p == q-(1<<30)) {
> 
> now p points to a 2G continuous address range
> you could even mprotect(p, 1U<<31, prot);

Formally these should probably be thought of as two objects where the
address of the element one past the end of the first happens to be
equal to the address of the second (which the C language allows). Of
course I agree it could be argued both ways. However, either way, this
kind of thing is sufficiently intentional and fragile that someone
doing it would expect breakage, I think. What I'm concerned about is
the possibility that someone could inadvertently obtain such an
object, e.g. via passing a size obtained from a file or from the
network to malloc, etc. But thanks for the thorough consideration of
the issue. :-)

Rich
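
An added example, not part of the message above and not musl code: one way to guard the case Rich describes, where a size read from a file or the network reaches malloc and could yield an object larger than PTRDIFF_MAX. The 64-bit big-endian length field and the helper names (read_be64, object_size_ok, alloc_untrusted) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Decode a big-endian 64-bit length field (constructed wire format). */
static uint64_t read_be64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* 1 if nmemb*size bytes fits in one object addressable with ptrdiff_t. */
static int object_size_ok(uint64_t nmemb, uint64_t size)
{
    if (size != 0 && nmemb > (uint64_t)PTRDIFF_MAX / size)
        return 0;               /* product exceeds PTRDIFF_MAX or wraps */
    return 1;
}

/* Allocate for an untrusted element count; NULL when the object would be
 * too large for pointer subtraction within it to be representable. */
static void *alloc_untrusted(uint64_t nmemb, uint64_t size)
{
    if (!object_size_ok(nmemb, size))
        return NULL;
    size_t total = (size_t)(nmemb * size);  /* safe: <= PTRDIFF_MAX */
    return malloc(total ? total : 1);
}

int main(void)
{
    /* Constructed headers: a sane count (4096) and a hostile one. */
    static const unsigned char sane[8]    = {0, 0, 0, 0, 0, 0, 0x10, 0x00};
    static const unsigned char hostile[8] = {0xff, 0xff, 0xff, 0xff,
                                             0xff, 0xff, 0xff, 0xff};
    void *a = alloc_untrusted(read_be64(sane), sizeof(uint32_t));
    void *b = alloc_untrusted(read_be64(hostile), sizeof(uint32_t));
    printf("sane: %s, hostile: %s\n", a ? "allocated" : "rejected",
           b ? "allocated" : "rejected");
    free(a);
    free(b);
    return 0;
}
```

The division-based test rejects both a product that wraps size_t and one that fits in size_t but exceeds PTRDIFF_MAX, which is the range that matters on 32-bit targets.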

