Date: Tue, 16 Nov 2021 11:18:17 -0500
From: Rich Felker
To: "Minqiang Chen (ptpt52)"
Cc: musl@lists.openwall.com
Message-ID: <20211116161817.GP7074@brightrain.aerifal.cx>
References: <1F85A2EF-1942-48CE-989E-7552970E6877@gmail.com>
In-Reply-To: <1F85A2EF-1942-48CE-989E-7552970E6877@gmail.com>
Subject: Re: [musl] BUG fix: mmap pass wrong offset to kernel

On Tue, Nov 16, 2021 at 11:56:57AM +0800, Minqiang Chen (ptpt52) wrote:
> From 146066a9794b8e39c53337b71a8476b86e79e7d4 Mon Sep 17 00:00:00 2001
> From: Chen Minqiang
> Date: Mon, 16 Oct 2017 08:57:41 +0800
> Subject: [PATCH] musl: fix mmap pass wrong offset to kernel
>
> on 32bit platform for example off_t x=0x8d9eb000, the x/4096 result
> is 0xfff8d9eb, but the sys_mmap2() is expecting 0x8d9eb to be pass to
>
> this happens on 32bit platform or 64bit platform when
> x >= 0x80000000 (32bit platform)
> or
> x >= 0x8000000000000000 (64bit platform)
>
> Signed-off-by: Chen Minqiang
> ---
> src/mman/mmap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> > diff --git a/src/mman/mmap.c b/src/mman/mmap.c > index eff88d82..f225cdbb 100644 > --- a/src/mman/mmap.c > +++ b/src/mman/mmap.c > @@ -26,7 +26,7 @@ void *__mmap(void *start, size_t len, int prot, int flags, int fd, off_t off) > __vm_wait(); > } > #ifdef SYS_mmap2 > - ret = __syscall(SYS_mmap2, start, len, prot, flags, fd, off/UNIT); > + ret = __syscall(SYS_mmap2, start, len, prot, flags, fd, (unsigned long)off/UNIT); > #else > ret = __syscall(SYS_mmap, start, len, prot, flags, fd, off); > #endif > -- > 2.17.1 This patch is wrong and truncates offsets over 32-bit (drops all the high bits). There is a bug here, but it's just that UNIT has the wrong type. commit b5bbe797493ea732d4cac15619753c545ed392af introduced the regression by making UNIT have type unsigned long long. It should have a small signed type; just int is fine. Rich
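Review bot: On the added line of the src/mman/mmap.c hunk, (unsigned long)off/UNIT applies the cast to off before the division, so wherever unsigned long is narrower than off_t the offset is cut down to the width of unsigned long first and its high bits never reach SYS_mmap2. The hunk header declares the parameter as off_t off, and the reply above names this same truncation for offsets over 32 bits. Suggest dropping the cast so the division stays in off_t, and making the correction where UNIT is defined (not shown in this hunk) so that off/UNIT is no longer converted to an unsigned type; the reply proposes giving UNIT type int.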