[PATCH] fadvise(2) system call

John Baldwin jhb at freebsd.org
Wed Nov 2 19:22:45 UTC 2011


On Wednesday, November 02, 2011 2:11:41 pm Jilles Tjoelker wrote:
> On Mon, Oct 31, 2011 at 10:24:07AM -0400, John Baldwin wrote:
> > > The comparisons
> 
> > > +		    (fa->fa_start != 0 && fa->fa_start == end + 1) ||
> > > +		    (uap->offset != 0 && fa->fa_end + 1 == uap->offset))) {
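Review bot: the `fa->fa_start != 0` and `uap->offset != 0` guards do not protect the additions in these two lines; `end + 1` still overflows when `end == OFF_MAX`, and `fa->fa_end + 1` when `fa->fa_end == OFF_MAX`, and signed overflow on `off_t` is undefined behaviour rather than a harmless wrap. Guard the operand that is being incremented instead, i.e. `end != OFF_MAX && fa->fa_start == end + 1` and `fa->fa_end != OFF_MAX && fa->fa_end + 1 == uap->offset`; the non-zero checks on the other side are then redundant, since a non-negative value plus one can never equal zero.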
> 
> > > should instead be something like
> 
> > > +		    (end != OFF_MAX && fa->fa_start == end + 1) ||
> > > +		    (fa->fa_end != OFF_MAX && fa->fa_end + 1 == uap->offset))) {
> 
> > > to avoid integer overflow.
> 
> > Hmm, but the expressions will still work in that case, yes?  I already
> > check for uap->offset and uap->len being negative earlier (so fa_start
> > and fa_end are always positive), and off_t is signed, so if end is
> > OFF_MAX, then end + 1 will certainly not == fa_start?
> 
> Signed integer overflow is undefined behaviour; therefore, if you write
> end + 1 without checking that end != OFF_MAX, the compiler may assume
> that end != OFF_MAX. Whether the compiler will take advantage of this in
> ways that cause breakage is another question. For example, if there were
> a subsequent check for end != OFF_MAX, the compiler would be allowed to
> remove that check. I think it is best not to risk it.

Ok.

-- 
John Baldwin


More information about the freebsd-arch mailing list