From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: oops? read/write vs type of length parameter
Date: Wed, 13 Apr 2011 02:49:00 -0400
To: Paul Eggert
Cc: jim@meyering.net, emacs-devel@gnu.org
In-reply-to: <4DA53148.5000903@cs.ucla.edu> (message from Paul Eggert on Tue, 12 Apr 2011 22:14:48 -0700)

> Date: Tue, 12 Apr 2011 22:14:48 -0700
> From: Paul Eggert
> CC: jim@meyering.net, emacs-devel@gnu.org
>
> And Eli, this avoids the problem where the size is so large that a
> signed return value would overflow and become negative.

The concern was not only about that. It was also about a mistaken
call to emacs_write with a negative value in the last argument. Using
size_t there will cause that negative value to appear as a large
positive value within emacs_write, and will potentially crash Emacs
because the call to write will try to reference memory outside of the
Emacs address space.

That danger still exists with your proposed version of emacs_write,
AFAICS. At the very least, we should have at the beginning of
emacs_write something like this:

    if ((ssize_t) nbyte < 0)
      return nbyte;
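
The guard discussed in this message, as an added example that is not part of the original message and is not Emacs code. `checked_write`, `write_with_swapped_bounds` and `write_hello_to_pipe` are hypothetical names, the sample offsets are constructed, and the code assumes a POSIX system where `size_t` and `ssize_t` have the same width.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical wrapper (not Emacs's emacs_write).  nbyte is size_t, so a
   negative length passed by mistake arrives as a huge positive value. */
ssize_t checked_write(int fd, const char *buf, size_t nbyte)
{
    /* Rejects the same values as "(ssize_t) nbyte < 0", without the cast. */
    if (nbyte > (size_t) SSIZE_MAX) {
        errno = EINVAL;
        return -1;
    }
    size_t done = 0;
    while (done < nbyte) {
        ssize_t n = write(fd, buf + done, nbyte - done);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted: retry */
        if (n <= 0)
            return done ? (ssize_t) done : -1;
        done += (size_t) n;
    }
    return (ssize_t) done;
}

/* Constructed caller bug: swapped bounds give a negative length. */
ssize_t write_with_swapped_bounds(int fd, const char *buf)
{
    ssize_t start = 10, end = 4;    /* constructed sample offsets */
    return checked_write(fd, buf, (size_t) (end - start));
}

/* Normal call through a pipe; returns the number of bytes written. */
ssize_t write_hello_to_pipe(void)
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    ssize_t n = checked_write(p[1], "hello", 5);
    close(p[0]); close(p[1]);
    return n;
}

int main(void)
{
    return write_with_swapped_bounds(1, "x") == -1
           && write_hello_to_pipe() == 5 ? 0 : 1;
}
```

Without the range check, the swapped-bounds call would ask `write` to read nearly `SIZE_MAX` bytes starting at `buf`.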