From: utzoo!decvax!harpo!eagle!mhuxt!mhuxa!houxm!5941ux!machaids!hocda!spanky!ihnp4!stolaf!sys
Newsgroups: net.unix-wizards,net.bugs
Title: Re: bug in du(1) (also in find(1)!!!)
Article-I.D.: stolaf.886
Posted: Tue Apr 19 19:25:03 1983
Received: Thu May  5 17:57:37 1983


The problem stated is that for a directory with some large unknown number
of files, only the directory size was reported, rather than the sum of it's
childrens sizes.

The magic number here is 2048.  If you have that many or more entries in
a directory (including deleted entries), du will not search the directory,
nor will find(1) recurse down into that directory.  well, it happens that
2048*16=32768 = 2^15 which is greater than 2^15-1, the largest number
you can put into a 16 bit signed integer.  It seems that we have some
code like: (there are a couple of lines between them)

	dirsize = statb.st_size;
	for(offset = 0; offset < dirsize; offset += 512) {

Well, it seems that both dirsize and offset are declared to be ints,
but statb.st_size is declared to be of type off_t.  so if statb.st_size
is > 2^15, dirsize  becomes negative, thus the loop is never entered.

This bug is very simple to fix.  In both du.c and find.c, in the function
descend(), change the declarations of dirsize and offset from int to off_t.
On VAXes an int is 32 bits, so it shouldn't matter, but you probably
should change it just to make things look right.
		-Dave Borman
		ihnp4!stolaf!borman