From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 2/2] xap_helper.h: avoid some off_t vs size_t problems
Date: Mon, 27 Nov 2023 21:54:39 +0000 [thread overview]
Message-ID: <20231127215439.91487-3-e@80x24.org> (raw)
In-Reply-To: <20231127215439.91487-1-e@80x24.org>
We'll introduce a helper to cast off_t to size_t consistently
for mmap/munmap/calloc calls which require size_t. Also, an
extra check for multiplication overflow can be helpful just
in case we end up with a gigantic roots file.
---
lib/PublicInbox/xap_helper.h | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/lib/PublicInbox/xap_helper.h b/lib/PublicInbox/xap_helper.h
index 1d8437c9..5816c24c 100644
--- a/lib/PublicInbox/xap_helper.h
+++ b/lib/PublicInbox/xap_helper.h
@@ -360,6 +360,13 @@ static void xclose(int fd)
EABORT("BUG: close");
}
+static size_t off2size(off_t n)
+{
+ if (n < 0 || (uintmax_t)n > SIZE_MAX)
+ ABORT("off_t out of size_t range: %lld\n", (long long)n);
+ return (size_t)n;
+}
+
#define CLEANUP_DUMP_ROOTS __attribute__((__cleanup__(dump_roots_ensure)))
static void dump_roots_ensure(void *ptr)
{
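Review bot: off2size() has no comment saying that it terminates the process instead of returning an error, which callers need to know before using it on paths such as cleanup handlers. A one-line comment above it would do, e.g. `// aborts (never returns) if n is negative or does not fit in size_t`. The format string here also ends in `\n`, while the `ABORT("too many entries: %zu", est)` call added in cmd_dump_roots has none. ABORT's definition is outside this patch, so one of the two messages probably prints with inconsistent line termination.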
@@ -367,8 +374,9 @@ static void dump_roots_ensure(void *ptr)
if (drt->root2off_fd >= 0)
xclose(drt->root2off_fd);
hdestroy(); // idempotent
- if (drt->mm_ptr && munmap(drt->mm_ptr, drt->sb.st_size))
- EABORT("BUG: munmap(%p, %zu)", drt->mm_ptr, drt->sb.st_size);
+ size_t size = off2size(drt->sb.st_size);
+ if (drt->mm_ptr && munmap(drt->mm_ptr, size))
+ EABORT("BUG: munmap(%p, %zu)", drt->mm_ptr, size);
free(drt->entries);
fbuf_ensure(&drt->wbuf);
}
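Review bot: The new `off2size(drt->sb.st_size)` call in dump_roots_ensure runs before the `drt->mm_ptr` check, so this cleanup handler now reads `sb.st_size`, and can abort on it, even when nothing was mapped. The old code only read `st_size` when `mm_ptr` was non-NULL. Whether `sb` is always populated by the time the handler runs is not visible in this hunk, so it is safer to keep the conversion under the guard, e.g. `size_t size = drt->mm_ptr ? off2size(drt->sb.st_size) : 0;`. The function begins before the hunk.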
@@ -516,20 +524,18 @@ static bool cmd_dump_roots(struct req *req)
// each entry is at least 43 bytes ({OIDHEX}\0{INT}\0),
// so /32 overestimates the number of expected entries by
// ~%25 (as recommended by Linux hcreate(3) manpage)
- size_t est = (drt.sb.st_size / 32) + 1; //+1 for "\0" termination
- if ((uint64_t)drt.sb.st_size > (uint64_t)SIZE_MAX)
- err(EXIT_FAILURE, "%s size too big (%lld bytes > %zu)",
- root2off_file, (long long)drt.sb.st_size, SIZE_MAX);
- drt.mm_ptr = mmap(NULL, drt.sb.st_size, PROT_READ,
+ size_t size = off2size(drt.sb.st_size);
+ size_t est = (size / 32) + 1; //+1 for "\0" termination
+ drt.mm_ptr = mmap(NULL, size, PROT_READ,
MAP_PRIVATE, drt.root2off_fd, 0);
if (drt.mm_ptr == MAP_FAILED)
- err(EXIT_FAILURE, "mmap(%zu, %s)",
- drt.sb.st_size, root2off_file);
- drt.entries = (char **)calloc(est * 2, sizeof(char *));
+ err(EXIT_FAILURE, "mmap(%zu, %s)", size, root2off_file);
+ size_t asize = est * 2;
+ if (asize < est) ABORT("too many entries: %zu", est);
+ drt.entries = (char **)calloc(asize, sizeof(char *));
if (!drt.entries)
err(EXIT_FAILURE, "calloc(%zu * 2, %zu)", est, sizeof(char *));
- size_t tot = split2argv(drt.entries, (char *)drt.mm_ptr,
- drt.sb.st_size, est * 2);
+ size_t tot = split2argv(drt.entries, (char *)drt.mm_ptr, size, asize);
if (tot <= 0) return false; // split2argv already warned on error
if (!hcreate(est))
err(EXIT_FAILURE, "hcreate(%zu)", est);
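Review bot: An oversized root2off file now ends in off2size()'s ABORT instead of the removed `err(EXIT_FAILURE, "%s size too big ...")`, so the diagnostic no longer names `root2off_file`. Assuming ABORT terminates abnormally (its definition is outside this patch), a condition driven by the size of a file on disk is then reported like an internal bug. Consider keeping a range check that calls `err()` with the file name ahead of the `off2size()` call. Separately, the calloc failure message still prints `est` with a literal `* 2`; `err(EXIT_FAILURE, "calloc(%zu, %zu)", asize, sizeof(char *));` would match the actual call. cmd_dump_roots continues outside the hunk.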