Xref: utzoo comp.bugs.4bsd:690 comp.unix.questions:5429
Path: utzoo!mnetor!uunet!husc6!hao!ames!amdahl!ptsfa!lll-tis!elxsi!beatnix!gww
From: gww@beatnix.UUCP (Gary Winiger)
Newsgroups: comp.bugs.4bsd,comp.unix.questions
Subject: Re: Dbm library
Message-ID: <683@elxsi.UUCP>
Date: 30 Jan 88 19:01:08 GMT
References: <580@xyzzy.UUCP> <3046@lll-winken.llnl.gov>
Sender: nobody@elxsi.UUCP
Reply-To: gww@beatnix.UUCP (Gary Winiger)
Organization: ELXSI Super Computers, San Jose
Lines: 78
Keywords: ndbm library

In article <580@xyzzy.UUCP> meissner@.UUCP (Michael Meissner) writes:
> I remember quite a while ago, there was a discussion of problems in the
> dbm library, particularly when it has to split an index node.

Some time last September, I filed the following bug report and fix.
Here it is again for all those who need it. The UCB VAX C compiler does
not have this problem, because it doesn't treat sizeof as an unsigned.

Gary..
{uunet,sun,lll-tis}!elxsi!gww

Subject: dbm_store fails on first attempt to write .pag file. +Fix
Index: libc/gen/ndbm.c 4.3BSD +Fix

Description:
	dbm_store fails when the first .pag write is done.

Repeat-By:
	mkpasswd passwd

Fix:
	The comparison for .pag buffer overflow in additem fails to
	recognize overflow. This is due to the size_t (of sizeof) being
	unsigned, thus promoting the comparison to unsigned. The C
	standard, in C.3.3.4, states: ``... and its type (an unsigned
	integral type) is size_t.'' Casting sizeof to int resolves this
	problem at ELXSI.

Gary..
{ucbvax!sun,lll-lcc!lll-tis,amdahl!altos86,bridge2}!elxsi!gww

--------- cut --------- snip --------- :.,$w diff ------------- *** /tmp/,RCSt1000709 Fri Mar 27 17:12:31 1987 --- ndbm.c Fri Mar 27 17:12:12 1987 *************** *** 1,5 **** --- 1,10 ---- /* * $Log: ndbm.c,v $ + * Revision 1.2 87/03/27 17:08:45 gww + * Cast sizeof to int.
This comparison will fail when i1 is < 0 because the + * type of sizeof (according to C standard C.3.3.4) is unsigned thus causing + * the comparison to fail because it is promoted to unsigned. + * * Revision 1.1 87/01/15 15:35:33 gww * Initial revision * *************** *** 11,17 **** */ #if defined(LIBC_SCCS) && !defined(lint) ! static char *ERcsId = "$Header: ndbm.c,v 1.1 87/01/15 15:35:33 gww Exp $ ENIX BSD"; static char sccsid[] = "@(#)ndbm.c 5.3 (Berkeley) 3/9/86"; #endif LIBC_SCCS and not lint --- 16,22 ---- */ #if defined(LIBC_SCCS) && !defined(lint) ! static char *ERcsId = "$Header: ndbm.c,v 1.2 87/03/27 17:08:45 gww Exp $ ENIX BSD"; static char sccsid[] = "@(#)ndbm.c 5.3 (Berkeley) 3/9/86"; #endif LIBC_SCCS and not lint *************** *** 503,509 **** if (i2 > 0) i1 = sp[i2]; i1 -= item.dsize + item1.dsize; ! if (i1 <= (i2+3) * sizeof(short)) return (0); sp[0] += 2; sp[++i2] = i1 + item1.dsize; --- 508,514 ---- if (i2 > 0) i1 = sp[i2]; i1 -= item.dsize + item1.dsize; ! if (i1 <= (i2+3) * (int)sizeof(short)) return (0); sp[0] += 2; sp[++i2] = i1 + item1.dsize;
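Review bot: in the 503,509 hunk the `(int)sizeof(short)` cast makes the comparison signed, but the check still depends on `i1` having already gone negative after `i1 -= item.dsize + item1.dsize;`, so any future reader has to know why the cast is there (the rationale lives only in the $Log entry, not beside the comparison). A form that never needs a signed `i1` is to test before subtracting, with every term non-negative, e.g. `if (item.dsize + item1.dsize + (i2+3) * sizeof(short) > i1) return (0);` followed by the subtraction; if the cast is kept, a one-line comment at the comparison saying that sizeof is unsigned and `i1` may be negative would stop the next person from "cleaning up" the cast.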
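The promotion the bug report describes, as an added C illustration that is not from the post or from ndbm.c itself: the unpatched and patched forms of the additem comparison side by side, with PBLKSIZ and the page offsets being assumed demo values rather than the real .pag layout.

```c
/* Model of the .pag free-space check from additem(): i1 is the offset of
 * the last stored item (or the block size on an empty page), i2 is the
 * number of entries, and the short index at the front of the page needs
 * (i2+3) shorts once the new entry is added. Added illustration; layout
 * values are assumed, not taken from the original ndbm.c. */
#include <stddef.h>
#include <stdio.h>

#define PBLKSIZ 1024   /* assumed .pag block size for this demo */

/* Unpatched check. sizeof(short) has type size_t (unsigned), so a
 * negative i1 is converted to a huge unsigned value and "<=" is never
 * true: an item that does not fit is reported as fitting. Returns 1
 * when the item is accepted, 0 when additem() would refuse it. */
int fits_unpatched(int i1, int i2, int dsize, int ksize)
{
    i1 -= dsize + ksize;
    if (i1 <= (i2 + 3) * sizeof(short))
        return 0;
    return 1;
}

/* Patched check: casting sizeof to int keeps the comparison signed, so a
 * negative i1 is correctly recognised as overflow. */
int fits_patched(int i1, int i2, int dsize, int ksize)
{
    i1 -= dsize + ksize;
    if (i1 <= (i2 + 3) * (int)sizeof(short))
        return 0;
    return 1;
}

int main(void)
{
    /* Empty page; key+data exceed the whole block, so i1 goes negative. */
    printf("unpatched: fits=%d (wrong)\n", fits_unpatched(PBLKSIZ, 0, 600, 600));
    printf("patched:   fits=%d (right)\n", fits_patched(PBLKSIZ, 0, 600, 600));
    /* Page with 2 entries whose last item starts at offset 300: while i1
     * stays non-negative both forms agree, which is why the bug only
     * shows up on the first write that actually overflows the block. */
    printf("unpatched: fits=%d\n", fits_unpatched(300, 2, 100, 20));
    printf("patched:   fits=%d\n", fits_patched(300, 2, 100, 20));
    printf("both refuse: %d %d\n", fits_unpatched(300, 2, 200, 100),
           fits_patched(300, 2, 200, 100));
    return 0;
}
```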