https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206804

            Bug ID: 206804
           Summary: Inconsistent type handling for sizes in sbuf code
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: [email protected]
          Reporter: [email protected]

Definition of `struct sbuf` in `/sys/sys/sbuf.h`:

struct sbuf {
        char            *s_buf;         /* storage buffer */
        sbuf_drain_func *s_drain_func;  /* drain function */
        void            *s_drain_arg;   /* user-supplied drain argument */
        int              s_error;       /* current error code */
        ssize_t          s_size;        /* size of storage buffer */
        ssize_t          s_len;         /* current length of string */
#define SBUF_FIXEDLEN   0x00000000      /* fixed length buffer (default) */
#define SBUF_AUTOEXTEND 0x00000001      /* automatically extend buffer */
#define SBUF_INCLUDENUL 0x00000002      /* nulterm byte is counted in len */
#define SBUF_USRFLAGMSK 0x0000ffff      /* mask of flags the user may specify */
#define SBUF_DYNAMIC    0x00010000      /* s_buf must be freed */
#define SBUF_FINISHED   0x00020000      /* set by sbuf_finish() */
#define SBUF_DYNSTRUCT  0x00080000      /* sbuf must be freed */
#define SBUF_INSECTION  0x00100000      /* set by sbuf_start_section() */
        int              s_flags;       /* flags */
        ssize_t          s_sect_len;    /* current length of section */
};

All sizes and lengths, such as `s_size`, are of type `ssize_t`.

However, some functions in `sys/kern/subr_sbuf.c` incorrectly treat these sizes
as `int`, which could lead to unexpected truncation on platforms where
`sizeof(int) != sizeof(ssize_t)`:

struct sbuf *
sbuf_new(struct sbuf *s, char *buf, int length, int flags)
{
    ...
    sbuf_newbuf(s, buf, length, flags);
    ...
}

static struct sbuf *
sbuf_newbuf(struct sbuf *s, char *buf, int length, int flags)
{
    ...
    s->s_size = length;
    ...
}
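As an added illustration (not code from the report or from FreeBSD), the following stand-in reproduces the narrowing the report describes next to a variant that keeps the size wide and rejects values that do not fit. `struct mini_sbuf`, `naive_newbuf` and `checked_newbuf` are constructed names that mirror only the `s_size`/`s_len` fields of the real struct; the negative-result behaviour assumes the usual LP64 layout with a 32-bit `int`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>          /* ssize_t */

#ifndef SSIZE_MAX                /* not exposed in strict ISO mode on some libcs */
#define SSIZE_MAX ((ssize_t)(((size_t)-1) >> 1))
#endif

/* Constructed stand-in for the size fields of struct sbuf; the real struct
 * also carries the buffer, drain hook, flags and error code. */
struct mini_sbuf {
        ssize_t s_size;         /* size of storage buffer, as in sbuf.h */
        ssize_t s_len;          /* current length of string */
};

/* Same pattern as sbuf_newbuf(): the size arrives as int and is widened
 * into the ssize_t field, so any narrowing already happened at the call. */
static void
naive_newbuf(struct mini_sbuf *s, int length)
{
        s->s_size = length;
        s->s_len = 0;
}

/* What a caller holding a size_t ends up storing via the int parameter.
 * For (size_t)INT_MAX + 1 on LP64 this wraps to INT_MIN, i.e. a negative
 * buffer size, rather than the value the caller asked for. */
ssize_t
naive_size_after_call(size_t requested)
{
        struct mini_sbuf s;
        naive_newbuf(&s, (int)requested);   /* implicit conversion in real code */
        return s.s_size;
}

/* Defensive variant: keep the parameter wide and refuse anything that does
 * not fit the ssize_t field. Returns false and leaves *s untouched on error. */
bool
checked_newbuf(struct mini_sbuf *s, size_t length)
{
        if (length > (size_t)SSIZE_MAX)
                return false;
        s->s_size = (ssize_t)length;
        s->s_len = 0;
        return true;
}

/* Convenience wrapper: the stored size, or -1 when the size was rejected. */
ssize_t
checked_size_after_call(size_t requested)
{
        struct mini_sbuf s;
        return checked_newbuf(&s, requested) ? s.s_size : -1;
}
```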
