Re: Undefined Behavior in rw_verify_area() (was: sendfile(2) erroneously yields EINVAL on too large counts)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 04, 2024 at 04:09:26PM +0100, Alejandro Colomar wrote:
> Depending on the width of those types, the sum may be performed as
> 'loff_t' if `sizeof(loff_t) > sizeof(size_t)`, or as 'size_t' if
> `sizeof(loff_t) <= sizeof(size_t)`.  Since 'loff_t' is a 64-bit type,
> but 'size_t' can be either 32-bit or 64-bit, the former is possible.
> 
> In those platforms in which loff_t is wider, the addends are promoted to
> 'loff_t' before the sum.  And a sum of positive signed values can never
> be negative.  If the sum overflows (and the program above triggers
> such an overflow), the behavior is undefined.

Linux is compiled with -fwrapv so it is defined.






[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux