[PATCH 4/9] auditsc: test below 0 on unsigned ino

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH 4/9] auditsc: test below 0 on unsigned ino
@ 2008-07-22  0:29 roel kluin
  2008-07-22  2:13 ` Al Viro
  0 siblings, 1 reply; 2+ messages in thread
From: roel kluin @ 2008-07-22  0:29 UTC (permalink / raw)
  To: viro; +Cc: linux-kernel

ino is unsigned so the test didn't work.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c10e7aa..dc8e0a4 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -286,7 +286,7 @@ static int audit_match_filetype(struct audit_context *ctx, int which)
 	mode_t mode = which & S_IFMT;
 	if (index >= ctx->name_count)
 		return 0;
-	if (ctx->names[index].ino == -1)
+	if (ctx->names[index].ino == -1ul)
 		return 0;
 	if ((ctx->names[index].mode ^ mode) & S_IFMT)
 		return 0;

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH 4/9] auditsc: test below 0 on unsigned ino
  2008-07-22  0:29 [PATCH 4/9] auditsc: test below 0 on unsigned ino roel kluin
@ 2008-07-22  2:13 ` Al Viro
  0 siblings, 0 replies; 2+ messages in thread
From: Al Viro @ 2008-07-22  2:13 UTC (permalink / raw)
  To: roel kluin; +Cc: linux-kernel

On Mon, Jul 21, 2008 at 08:29:16PM -0400, roel kluin wrote:
> ino is unsigned so the test didn't work.
                              ^^^^^^^^^^^

Kindly report the way to reproduce your remarkable observation.  Do not
forget to include the compiler version, since the following two lines

> -	if (ctx->names[index].ino == -1)
> +	if (ctx->names[index].ino == -1ul)

are equivalent.  -1 is an expression of type int.  ctx->names[index].ino
is an expression of type unsigned long.  If both operands of a comparison
operator have arithmetic types, the usual arithmetic conversions (see 6.3.1.8)
are applied to the operands.  In this case, both types are integer ones and
not modified by integer promotions.  One is signed, another is unsigned and
the rank of unsigned one is greater or equal to that of the signed one
(rank(unsigned long) = rank(signed long) > rank(signed int)).  Therefore,
the operand with signed integer type (-1) is converted to the type of
argument with unsigned integer type.  Then they are compared.

In the second case both operands have the same integer type (unsigned long)
and comparison is done without any conversions.

Proof that (unsigned long)-1 and -1ul have the same value (namely, the maximal
value that can be represented in unsigned long) is left as an exercise for
reader.

Assuming that you have indeed observed a case when results of these tests
differed, you have found a blatant non-compliance of whatever C compiler
you were using.  I am sure that maintainers of that compiler would like to
see your bug report, especially since you already have a reproducer.  So
would everybody else, to know which version to avoid.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-07-22  2:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-22  0:29 [PATCH 4/9] auditsc: test below 0 on unsigned ino roel kluin
2008-07-22  2:13 ` Al Viro

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox