From: Bill Davidsen <davidsen@tmr.com>
To: Theodore Tso <tytso@mit.edu>, roel kluin <roel.kluin@gmail.com>,
davidsen@tmr.com, adilger@sun.com, linux-ext4@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] ext3, ext4: do_split() fix loop, with obvious unsigned wrap
Date: Tue, 02 Dec 2008 12:08:38 -0500
Message-ID: <49356B96.7070900@tmr.com>
In-Reply-To: <20081202132441.GC16172@mit.edu>

Theodore Tso wrote:
> On Mon, Dec 01, 2008 at 02:28:25PM -0500, roel kluin wrote:
>
>> Fix loop, with obvious unsigned wrap
>>
>> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
>>
>
> Um, no. Sorry, I didn't have a chance to reply earlier but this is
> obviously wrong.
>
>

Sorry, you are reading it wrong, the i values inside the loop are
identical to those in the original. The value of i starts at count, and
the test comes *before* the value is used inside the loop. The values of
i inside the loop start at count-1 and go to zero, just as they did in the
original. That's why the "i--" is there, the test is on the
unincremented value range count to one, but the value inside the loop is
correct (or at least is the same as the original patch).

>> ---
>> diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
>> index 3e5edc9..b0dcfb3 100644
>> --- a/fs/ext3/namei.c
>> +++ b/fs/ext3/namei.c
>> @@ -1188,7 +1188,7 @@ static struct ext3_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
>> /* Split the existing block in the middle, size-wise */
>> size = 0;
>> move = 0;
>> - for (i = count-1; i >= 0; i--) {
>> + for (i = count; i--; ) {
>> /* is more than half of this entry in 2nd half of the block? */
>> if (size + map[i].size/2 > blocksize/2)
>> break;
>>
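Review bot: in the new header `for (i = count; i--; )` the exit test and the decrement are folded into one post-decrement with an empty third clause, so when the loop runs out without reaching the `break`, i is decremented once more after the test fails. The body still sees count-1 down to 0, but if i is unsigned, as the subject line implies, i is left wrapped to its maximum value on that path instead of at a valid index, so every use of i after the loop needs checking. The one-line changelog says neither which variable wraps nor that the body's indices are unchanged; a sentence stating both, or a while loop with an explicit test, would let this be reviewed from the hunk alone.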
>
> Note that i is actually **used** in the loop? So changing the
> starting value of the counter without also adjusting all of the places
> where i is used will cause the code to break, and in hard to find
> ways...
>
>

As I said, the values used are identical, and the code works correctly.

> Given that there are two loop termination conditions, and in fact the
> one in the loop is the one that actually gets used 99% of the time
> (which is why we've never noticed the problem in real life), probably
> the best way of handling this is to recast it not as a for loop, but
> as a while loop.
>
> - Ted
>
>
--
Bill Davidsen <davidsen@tmr.com>
"Woe unto the statesman who makes war without a reason that will still
be valid when the war is over..." Otto von Bismarck
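
Added example, not part of the thread or of the kernel source: a small C program that runs the two loop headers from the quoted hunk over a constructed map[] and records the indices the body sees and the value of i once the loop is left. It assumes a signed counter for the removed line and an unsigned one for the added line (the subject speaks of an unsigned wrap), and the size accumulation after the break is assumed because the hunk ends there; struct entry, SAMPLE_MAP, walk_original, walk_patched and compare are names made up for this example.

```c
#include <stdio.h>
#include <string.h>
struct entry { unsigned size; };   /* stand-in for map[]; only .size is used */
static const struct entry SAMPLE_MAP[4] = { {100}, {100}, {100}, {100} };  /* constructed */
/* '-' line, with a signed counter (assumed) so that i >= 0 can become false. */
static int walk_original(const struct entry *map, int count, unsigned bs, int *seen, int *i_after)
{
    unsigned size = 0;
    int n = 0, i;
    for (i = count - 1; i >= 0; i--) {
        seen[n++] = i;                       /* index the body works with */
        if (size + map[i].size / 2 > bs / 2)
            break;
        size += map[i].size;                 /* assumed: the hunk stops at break */
    }
    *i_after = i;
    return n;
}

/* '+' line, with an unsigned counter (assumed from the subject line). */
static int walk_patched(const struct entry *map, unsigned count, unsigned bs, int *seen, unsigned *i_after)
{
    unsigned size = 0, i;
    int n = 0;
    for (i = count; i--; ) {                 /* tests i, then decrements it */
        seen[n++] = (int)i;
        if (size + map[i].size / 2 > bs / 2)
            break;
        size += map[i].size;
    }
    *i_after = i;
    return n;
}

/* Returns 1 when both loops hand the body the same index sequence (count <= 16). */
static int compare(const struct entry *map, int count, unsigned bs, int *ia, unsigned *ib)
{
    int a[16], b[16];
    int na = walk_original(map, count, bs, a, ia);
    int nb = walk_patched(map, (unsigned)count, bs, b, ib);
    return na == nb && memcmp(a, b, (size_t)na * sizeof a[0]) == 0;
}

int main(void)
{
    int ia; unsigned ib;
    int same = compare(SAMPLE_MAP, 4, 1024, &ia, &ib);
    printf("same indices: %d, i after running out: %d vs %u\n", same, ia, ib);
    return 0;
}
```

With a block size of 1024 neither loop reaches the break: the index sequences match, while i ends at -1 in the signed form and at the wrapped maximum in the unsigned form.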