Florian Weimer's April 5 post asserts that the origin of
this bug is an integer overflow in multiplication
(clusters*fs->cluster_size).

The canonical check for such overflow (within the constructs
of ANSI C) is well known to regular readers of comp.lang.c.
It goes something like this:

#define OVERFLOW(c,a,b) ((b) != 0 && ((c)/(b) != (a)))

        result = clusters * fs->cluster_size;
        if (OVERFLOW(result, clusters, fs->cluster_size)) {
            /* error handling */
        } else {
            /* safe to use result */
        }

This is guaranteed by the C standard to be correct as long as
clusters, fs->cluster_size, and result are all unsigned integers.

I posted a fix to another recent Debian bug (417862) of this
type, using this technique.  I don't have any DOS filesystems
around, so I won't volunteer to write and test a patch here.
But it's not conceptually hard.

   - Larry
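The check described in the message above, worked through as an added example; this is not code from the post, from Debian, or from the dosfstools package. The operand types (unsigned long) and the function names (mul_overflows, mul_fits, checks_agree, fs_size_bytes) are assumptions for illustration. It also goes slightly beyond the post by placing the divide-back check next to the equivalent pre-multiplication form (a > ULONG_MAX / b), which catches the same inputs without ever forming the wrapped product:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * The post-multiplication check from the list post. It is only valid for
 * unsigned operands: unsigned arithmetic wraps modulo 2^N, so the wrapped
 * product can be divided back and compared with the original operand. For
 * signed operands the overflow itself is undefined behaviour, and a compiler
 * is entitled to delete a test that runs after it.
 */
#define OVERFLOW(c, a, b) ((b) != 0 && ((c) / (b) != (a)))

/* True if a * b does not fit in an unsigned long (divide-back form). */
bool mul_overflows(unsigned long a, unsigned long b)
{
    unsigned long result = a * b;   /* may wrap, which is defined for unsigned */
    return OVERFLOW(result, a, b);
}

/*
 * Equivalent pre-check that never forms the wrapped product:
 * a * b overflows exactly when b != 0 and a > ULONG_MAX / b.
 */
bool mul_fits(unsigned long a, unsigned long b)
{
    return b == 0 || a <= ULONG_MAX / b;
}

/* The two forms must agree on every input; useful as a self-check. */
bool checks_agree(unsigned long a, unsigned long b)
{
    return mul_overflows(a, b) == !mul_fits(a, b);
}

/*
 * Hypothetical filesystem-size computation (types and name assumed; the post
 * does not give them). Returns 0 and stores the product on success, -1 on
 * overflow. Passing out == NULL only asks whether the product fits.
 */
int fs_size_bytes(unsigned long clusters, unsigned long cluster_size,
                  unsigned long *out)
{
    unsigned long result = clusters * cluster_size;
    if (OVERFLOW(result, clusters, cluster_size))
        return -1;                  /* error handling: refuse the oversized value */
    if (out)
        *out = result;              /* safe to use result */
    return 0;
}

int main(void)
{
    /* Constructed values: a small filesystem and one whose product wraps. */
    unsigned long small_clusters = 4096;
    unsigned long huge_clusters = ULONG_MAX / 2 + 1;
    unsigned long cluster_size = 2;
    unsigned long bytes;

    if (fs_size_bytes(small_clusters, cluster_size, &bytes) == 0)
        printf("%lu clusters * %lu = %lu bytes\n",
               small_clusters, cluster_size, bytes);

    if (fs_size_bytes(huge_clusters, cluster_size, &bytes) != 0)
        printf("%lu clusters * %lu overflows unsigned long\n",
               huge_clusters, cluster_size);

    return 0;
}
```

The b != 0 guard in the macro matters twice over: it avoids a division by zero, and a zero multiplier can never overflow, so skipping the comparison there is also the correct answer.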

