From: Paul Eggert <eggert@cs.ucla.edu>
To: Eli Zaretskii <eliz@gnu.org>
Cc: Jim Meyering <jim@meyering.net>, emacs-devel@gnu.org
Subject: Re: oops? read/write vs type of length parameter
Date: Tue, 12 Apr 2011 01:19:10 -0700
Message-ID: <4DA40AFE.8050406@cs.ucla.edu>
In-Reply-To: <4DA3DDCD.10700@cs.ucla.edu>

On looking over that code again, a couple of issues
sprang out. First, emacs_read should act like emacs_write
with respect to sizes, but the code didn't do that.
Second, no caller should ever pass a negative size value
to either function, and callers should not rely on negative
sizes causing emacs_read and emacs_write to do nothing.
I added a runtime check for this, which I don't think
will ever fail, but I've been surprised in the past.
With that check in place we might as well use size_t for the size,
with the goal of removing the runtime checks once we have
carefully checked that they aren't needed.

Here's the patch I installed for that.

* sysdep.c (emacs_read, emacs_write): Check for negative sizes
since callers should never pass a negative size.
Change the signature to match that of plain 'read' and 'write'; see
<http://lists.gnu.org/archive/html/emacs-devel/2011-04/msg00397.html>.
* lisp.h: Update prototypes of emacs_write and emacs_read.

=== modified file 'src/lisp.h'
--- src/lisp.h 2011-04-10 20:43:08 +0000
+++ src/lisp.h 2011-04-12 08:05:04 +0000
@@ -3346,8 +3346,8 @@
extern void seed_random (long);
extern int emacs_open (const char *, int, int);
extern int emacs_close (int);
-extern ssize_t emacs_read (int, char *, ssize_t);
-extern ssize_t emacs_write (int, const char *, ssize_t);
+extern ssize_t emacs_read (int, char *, size_t);
+extern ssize_t emacs_write (int, const char *, size_t);
enum { READLINK_BUFSIZE = 1024 };
extern char *emacs_readlink (const char *, char [READLINK_BUFSIZE]);
#ifndef HAVE_MEMSET
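Review bot: the new emacs_read and emacs_write prototypes advertise a size_t count, but the sysdep.c part of this patch aborts for any count that does not fit in ssize_t, so the declared type overstates what a caller may pass. A short comment above these two declarations stating that the count must not exceed SSIZE_MAX, and that larger values abort, would keep callers from reading the signature as permission for transfers across the full size_t range.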
=== modified file 'src/sysdep.c'
--- src/sysdep.c 2011-04-10 20:43:08 +0000
+++ src/sysdep.c 2011-04-12 08:05:09 +0000
@@ -1826,10 +1826,18 @@
}
ssize_t
-emacs_read (int fildes, char *buf, ssize_t nbyte)
+emacs_read (int fildes, char *buf, size_t nbyte)
{
register ssize_t rtnval;
+ /* Defend against the possibility that a buggy caller passes a negative NBYTE
+ argument, which would be converted to a large unsigned size_t NBYTE. This
+ defense prevents callers from doing large writes, unfortunately. This
+ size restriction can be removed once we have carefully checked that there
+ are no such callers. */
+ if ((ssize_t) nbyte < 0)
+ abort ();
+
while ((rtnval = read (fildes, buf, nbyte)) == -1
&& (errno == EINTR))
QUIT;
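Review bot: the check "if ((ssize_t) nbyte < 0)" in emacs_read depends on how the compiler converts an out-of-range size_t to ssize_t, which C leaves implementation-defined; "if (nbyte > SSIZE_MAX)", with SSIZE_MAX from <limits.h>, expresses the same limit without the cast. The comment above the check also says the defense prevents "large writes", while this is the read path, so "large reads" would be accurate. Because the failure mode is abort (), the comment could also note that an oversized count terminates the process instead of returning an error to the caller.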
@@ -1837,13 +1845,17 @@
}
ssize_t
-emacs_write (int fildes, const char *buf, ssize_t nbyte)
+emacs_write (int fildes, const char *buf, size_t nbyte)
{
register ssize_t rtnval, bytes_written;
+ /* Defend against negative NBYTE, as in emacs_read. */
+ if ((ssize_t) nbyte < 0)
+ abort ();
+
bytes_written = 0;
- while (nbyte > 0)
+ while (nbyte != 0)
{
rtnval = write (fildes, buf, nbyte);
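Review bot: in emacs_write the new abort is more than a guard against buggy callers: bytes_written is still declared ssize_t, so the "(ssize_t) nbyte < 0" check is also what guarantees the running total fits in the return type. The comment "Defend against negative NBYTE, as in emacs_read" should say so, otherwise the check may later be dropped as redundant and the accumulation left able to overflow. With nbyte now unsigned, "while (nbyte != 0)" terminates only if the loop body never subtracts more than the remaining count; the rest of the loop is not shown in this excerpt, so that is worth confirming against the full file.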