From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Use of size_t and ssize_t in mseek
Date: Sat, 29 Jun 2013 00:13:16 -0400
Message-ID: <20130629041316.GG29800@brightrain.aerifal.cx>
In-Reply-To: <51CCED3F.3080303@nicta.com.au>
To: musl@lists.openwall.com

On Fri, Jun 28, 2013 at 11:56:15AM +1000, Matthew Fernandez wrote:
> >>>Alternatively, I could adjust the arithmetic to just avoid working
> >>>with signed values, and perhaps make it more obvious what it's doing
> >>>in the process.
> >>
> >>I would also be happy with this solution. The code in mseek could
> >>definitely be clearer. Not that I don't enjoy switch statements written
> >>as offsets into stack structs and reverse jumps ;)
> >
> >Yes, I think this is probably the best solution, even if it makes the
> >function a few bytes larger. The code should be more clear.
>
> Thanks, Rich. I appreciate you taking the time to consider this issue.
> Apologies that it seems to have steamrolled into all the ways of
> constructing invalid objects and possibly bored everyone else on this
> list :)

Looking at the code to "fix" it now, I ran into a problem. :-) If
size_t is 64-bit, there is fundamentally no way a memory buffer (or
disk file) larger than SSIZE_MAX can be accessed, since off_t cannot
store the position in the file. I noticed this as soon as I went to
write:

	case SEEK_SET:
		if (off < 0 || off > c->size) goto fail;

I could still salvage the 32-bit case by simply leaving the code alone
except for changing base to off_t, but I'm starting to remember why I
thought it was bogus to even consider allowing object sizes greater
than the signed size max... Not sure what the best way to proceed is.

Rich
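
Added example, not part of the original message and not musl's code: a seek routine for a memory-backed stream that does its bounds checks in unsigned arithmetic and shows where the off_t limit described above bites. It goes beyond the SEEK_SET case in the message to cover SEEK_CUR and SEEK_END; the names mem_cookie, mem_seek and off_max are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>      /* SEEK_SET, SEEK_CUR, SEEK_END */
#include <sys/types.h>  /* off_t */

/* Hypothetical cookie for a memory-backed stream (not musl's struct). */
struct mem_cookie {
    size_t pos;   /* current position, invariant: pos <= size */
    size_t size;  /* buffer size in bytes */
};

/* Largest value off_t can hold, computed without assuming its width. */
static off_t off_max(void)
{
    return (off_t)((((uintmax_t)1) << (sizeof(off_t) * CHAR_BIT - 1)) - 1);
}

/* Returns the new position, or -1 with errno set. No signed overflow. */
off_t mem_seek(struct mem_cookie *c, off_t off, int whence)
{
    size_t base;
    switch (whence) {
    case SEEK_SET: base = 0; break;
    case SEEK_CUR: base = c->pos; break;
    case SEEK_END: base = c->size; break;
    default: goto fail;
    }
    if (off < 0) {
        /* |off| as unsigned; -(off + 1) is safe even for the minimum off_t */
        uintmax_t back = (uintmax_t)(-(off + 1)) + 1;
        if (back > base) goto fail;
        base -= (size_t)back;
    } else {
        /* may move forward by at most size - base bytes */
        if ((uintmax_t)off > c->size - base) goto fail;
        base += (size_t)off;
    }
    /* A valid position that off_t cannot express is unreachable. */
    if ((uintmax_t)base > (uintmax_t)off_max()) {
        errno = EOVERFLOW;
        return -1;
    }
    c->pos = base;
    return (off_t)base;
fail:
    errno = EINVAL;
    return -1;
}
```

When size_t and off_t have the same width, any position above the off_t maximum is rejected by the final check even though the buffer itself is that large, which is the limit the message runs into.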