PATCH: ctdb: buffer write beyond limits

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Feb 19 10:02:18 UTC 2019


On Tue, Feb 19, 2019 at 10:53:41AM +0100, swen wrote:
> The code is right if the following facts are taken into account.
> 1. MAX_SIGNED_INT = MAX_UNSIGNED_INT/2 - 1
> 2. length is defined as unsigned int and will get assigned at most MAX_SIGNED_INT (num_ready)
> 3. offset is initially zero and will only grow as much as length is shrinking (=> code)
> 	=> therefore, offset + length are at most MAX_SIGNED_INT. Guaranteed!
> 4. If then another (guaranteed positive) signed integer (here num_ready) is added, we simply
>    cannot overflow an unsigned int because
>    MAX_SIGNED_INT + MAX_SIGNED_INT = MAX_UNSIGNED_INT - 2
> 
> Taking those simple maths into account, I hope you can agree to the code.

No, I do not agree. There is a simple boilerplate to do a checked
addition, and a simple boilerplate to do a checked subtraction. Please
do it that way.

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-370000-0, mailto:kontakt at sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de
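Volker refers to the checked-addition and checked-subtraction boilerplate without quoting it. The block below is an added example, written for this page and not taken from ctdb or Samba, that shows what such boilerplate looks like in C. The helper names (checked_add_u, checked_sub_u, checked_add_int) and the append_fits model of an offset/length/num_ready check against a buffer of cap bytes are assumptions made for illustration; the point is that every intermediate sum is checked, so no hand-derived bound on the operands has to hold for the code to be safe.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Checked addition on unsigned int: returns false and leaves *out
 * untouched if a + b would wrap past UINT_MAX. The comparison is done
 * against UINT_MAX - b, which itself can never wrap.
 */
static bool checked_add_u(unsigned int a, unsigned int b, unsigned int *out)
{
	if (a > UINT_MAX - b) {
		return false;
	}
	if (out != NULL) {
		*out = a + b;
	}
	return true;
}

/* Checked subtraction: returns false if b > a, i.e. a - b would wrap. */
static bool checked_sub_u(unsigned int a, unsigned int b, unsigned int *out)
{
	if (b > a) {
		return false;
	}
	if (out != NULL) {
		*out = a - b;
	}
	return true;
}

/*
 * Adding a signed count (such as a byte count handed back by a read
 * call) to an unsigned accumulator: reject negatives up front, then
 * reuse the unsigned helper instead of reasoning about ranges by hand.
 */
static bool checked_add_int(unsigned int a, int n, unsigned int *out)
{
	if (n < 0) {
		return false;
	}
	return checked_add_u(a, (unsigned int)n, out);
}

/*
 * Hypothetical shape of the check under discussion (names are assumed,
 * not ctdb's variables): a buffer of `cap` bytes holds `length` bytes
 * starting at `offset`, and `num_ready` more bytes are to be appended.
 * Both sums are checked, so the result is correct whatever invariants
 * the caller does or does not maintain.
 */
static bool append_fits(unsigned int cap, unsigned int offset,
			unsigned int length, int num_ready)
{
	unsigned int end;
	unsigned int new_end;

	if (!checked_add_u(offset, length, &end)) {
		return false;
	}
	if (!checked_add_int(end, num_ready, &new_end)) {
		return false;
	}
	return new_end <= cap;
}

/* Exercises the helpers on constructed inputs; returns the number of failed cases. */
static int self_check(void)
{
	unsigned int v;
	int failures = 0;

	/* UINT_MAX + 1 wraps; (UINT_MAX - 1) + 1 is the largest legal sum. */
	failures += checked_add_u(UINT_MAX, 1, &v);
	failures += !(checked_add_u(UINT_MAX - 1, 1, &v) && v == UINT_MAX);
	/* Two INT_MAX values do fit in unsigned int: 2 * INT_MAX == UINT_MAX - 1. */
	failures += !(checked_add_int(INT_MAX, INT_MAX, &v) && v == UINT_MAX - 1);
	failures += checked_add_int(0, -1, &v);
	failures += checked_sub_u(0, 1, &v);
	failures += !(checked_sub_u(10, 3, &v) && v == 7);
	/* 10 + 20 + 30 fits in 100 bytes; 10 + 20 + 80 does not. */
	failures += !append_fits(100, 10, 20, 30);
	failures += append_fits(100, 10, 20, 80);
	/* offset + length == UINT_MAX, so even one more byte overflows. */
	failures += append_fits(UINT_MAX, UINT_MAX - 5, 5, 1);

	return failures;
}

int main(void)
{
	int failed = self_check();
	printf("checked arithmetic self-check: %d failure(s)\n", failed);
	return failed == 0 ? 0 : 1;
}
```

Compilers that provide __builtin_add_overflow and __builtin_sub_overflow can replace the bodies of the two unsigned helpers with a single builtin call; the calling pattern (check the return value, never use the result on failure) stays the same.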