>>>>> "Greg" == Greg Troxel <[EMAIL PROTECTED]> writes:
Greg> But if the constant or the data type changes the code will
Greg> be wrong and have a potential security issue.
I came to the same conclusion about some code in XEmacs recently.
Here I have to wonder if this warning doesn't expose a different bug,
namely, that vdir->d_namlen is too small a type to detect a buffer
overflow when it occurs! (Logical possibility only, of course Jan
would never permit such a thing! ;-)
Greg> I wonder if one can cast the left hand variable to (unsigned
Greg> int) and avoid the warning more safely?
I couldn't really justify that, the code in question is in the inner
loop for a lot of operations---we _want_ it optimized away. Maybe
that's not an issue here. FWIW here are two other options I considered:
/* validate whether the directory file actually makes sense */
if (vdir->d_reclen < vdir_size + vdir->d_namlen
#if sizeof(vdir->d_namlen) != sizeof(unsigned char)
|| vdir->d_namlen > CODA_MAXNAMLEN)
#endif
{
printk("coda_venus_readdir: Invalid dir: %ld\n",
filp->f_dentry->d_inode->i_ino);
ret = -EBADF;
*or* (abbreviated)
#if sizeof(vdir->d_namlen) != sizeof(unsigned char)
#error !!!!! sizeof(vdir->d_namlen) has changed, audit code using it !!!!!
#endif
But both of those are uglier than the warning. ;-)
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
