Florian Weimer's April 5 post asserts that the origin of this bug is an integer overflow in multiplication (clusters*fs->cluster_size).
The canonical check for such overflow (within the constructs of ANSI C) is well known to regular readers of comp.lang.c. It goes something like this:

    #define OVERFLOW(c,a,b) ((b) != 0 && ((c)/(b) != (a)))

    result = clusters * fs->cluster_size;
    if (OVERFLOW(result, clusters, fs->cluster_size)) {
        /* error handling */
    } else {
        /* safe to use result */
    }

This is guaranteed by the C standard to be correct as long as clusters, fs->cluster_size, and result are all unsigned integers.

I posted a fix to another recent Debian bug (417862) of this type, using this technique.

I don't have any DOS filesystems around, so I won't volunteer to write and test a patch here. But it's not conceptually hard.

- Larry
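The division-based overflow check from Larry's post, carried through as an added example (not code from the post or from dosfstools): the `struct fs_info` type and the sample cluster counts are constructed here, and a 64-bit cross-check confirms that the unsigned macro agrees with exact arithmetic in both the fitting and the wrapping case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the filesystem descriptor; the real
 * dosfstools struct is not on the page. */
struct fs_info {
    uint32_t cluster_size; /* bytes per cluster */
};

/* The comp.lang.c overflow test as quoted in the post.
 * Only valid when c, a and b are all unsigned. */
#define OVERFLOW(c, a, b) ((b) != 0 && ((c) / (b) != (a)))

/* Computes clusters * fs->cluster_size into *out.
 * Returns false (leaving *out untouched) when the product does not fit
 * in uint32_t, i.e. the condition the post identifies as the bug. */
bool cluster_bytes(uint32_t clusters, const struct fs_info *fs, uint32_t *out)
{
    uint32_t result = clusters * fs->cluster_size; /* wraps mod 2^32 */
    if (OVERFLOW(result, clusters, fs->cluster_size))
        return false;
    *out = result;
    return true;
}

/* Cross-check: does the macro's verdict match exact 64-bit arithmetic,
 * and when it says "fits", is the narrow product the true product? */
bool check_agrees(uint32_t clusters, uint32_t cluster_size)
{
    struct fs_info fs = { cluster_size };
    uint32_t narrow = 0;
    bool fits = cluster_bytes(clusters, &fs, &narrow);
    uint64_t wide = (uint64_t)clusters * cluster_size;
    bool truly_fits = wide <= UINT32_MAX;
    return fits == truly_fits && (!fits || narrow == (uint32_t)wide);
}

int main(void)
{
    /* Constructed sample values: 1,000,000 clusters of 4 KiB fits in
     * 32 bits; 200,000 clusters of 32 KiB (about 6.5 GB) does not. */
    printf("%s\n", check_agrees(1000000u, 4096u) ? "agree" : "disagree");
    printf("%s\n", check_agrees(200000u, 32768u) ? "agree" : "disagree");
    return 0;
}
```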