PATCH: ctdb: buffer write beyond limits

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Feb 19 10:02:18 UTC 2019

On Tue, Feb 19, 2019 at 10:53:41AM +0100, swen wrote:
> the code is right if the following facts are taken into account.
> 2. length is defined as unsigned int and will get assigned at most MAX_SIGNED_INT(num_ready)
> 3. offset is initially zero and will only grow as much as length is shrinking (=>code)
> 	=> therefore, offset + length are at most MAX_SIGNED_INT. Guaranteed !
> 4. If then another (guaranteed positive) signed integer (here num_ready) is added we simply
>    cannot overflow an unsigned int because 
> Taking those simple maths into account, I hope you can agree to the code.

No, I do not agree. There is a simple boilerplate to do a checked
addition, and a simple boilerplate to do checked subtraction. Please
do it that way.

Thanks, Volker

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-370000-0, mailto:kontakt at
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 -
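
The checked addition and checked subtraction asked for in the reply above can be written as follows. This is an added example, not code from the patch or from ctdb; `checked_add`, `checked_sub`, `struct buf_state` and `buf_advance` are hypothetical names, and only `offset`, `length` and `num_ready` are taken from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Checked unsigned addition: refuse instead of wrapping around. */
static bool checked_add(size_t a, size_t b, size_t *sum)
{
	if (b > SIZE_MAX - a) return false;
	*sum = a + b;
	return true;
}

/* Checked unsigned subtraction: refuse instead of underflowing. */
static bool checked_sub(size_t a, size_t b, size_t *diff)
{
	if (b > a) return false;
	*diff = a - b;
	return true;
}

/* Hypothetical buffer state, fields named after the variables in the thread. */
struct buf_state {
	size_t offset; /* bytes already handled */
	size_t length; /* bytes still outstanding */
};

/* Account for num_ready bytes; on failure the state is left unchanged. */
static bool buf_advance(struct buf_state *s, int num_ready)
{
	size_t n, new_offset, new_length;

	if (num_ready < 0) return false; /* reject before converting to unsigned */
	n = (size_t)num_ready;
	if (!checked_sub(s->length, n, &new_length)) return false;
	if (!checked_add(s->offset, n, &new_offset)) return false;
	s->offset = new_offset;
	s->length = new_length;
	return true;
}

int main(void)
{
	struct buf_state s = { .offset = 0, .length = 10 }; /* constructed sample */
	bool ok = buf_advance(&s, 4);  /* accepted: offset 4, length 6 */
	bool bad = buf_advance(&s, 7); /* refused: only 6 bytes remain */
	return (ok && !bad) ? 0 : 1;
}
```

With the checks local to each operation, a reviewer does not have to re-derive value ranges from the surrounding code to see that neither `offset` nor `length` can wrap.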
