From: Alejandro Colomar <alx@kernel.org>
To: Jan Engelhardt <jengelh@inai.de>
Cc: linux-fsdevel@vger.kernel.org, linux-man@vger.kernel.org,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: sendfile(2) erroneously yields EINVAL on too large counts
Date: Sun, 10 Mar 2024 19:53:07 +0100 [thread overview]
Message-ID: <Ze4Bk6UJHVgraFct@debian> (raw)
In-Reply-To: <q17r66qo-87p4-n210-35n8-142rqn3s04r7@vanv.qr>
[-- Attachment #1: Type: text/plain, Size: 1096 bytes --]
On Sun, Mar 10, 2024 at 07:35:09PM +0100, Jan Engelhardt wrote:
> >The kernel detects that offset+count would overflow, and aborts early.
> >That's actually a good thing. Otherwise, we wouldn't have noticed that
> >the program is missing an lseek(2) call until much later.
> >addition of count+offset would cause overflow, that is, undefined
> >behavior, it's better to not even start. Otherwise, it gets tricky to
> >write code that doesn't invoke UB.
>
> While offset+count would overflow arithmetically, if the file is not larger
> than SSIZE_MAX, that should be just fine, because sendfile() stops at EOF
> like read() and does not read beyond EOF or produce extraneous NULs
> to the point that a huge file position would come about.
But you need a loop limit somewhere, as in
for (i = 0; i < offset+count && i < actual_size; i++)
And that could be problematic in some cases. It can make sense to be
paranoic and abort early. And it's easy to fix at call site, just by
subtracting offset to SSIZE_MAX.
Cheers,
Alex
--
<https://www.alejandro-colomar.es/>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2024-03-10 18:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-15 13:49 sendfile(2) erroneously yields EINVAL on too large counts Jan Engelhardt
2024-03-04 13:52 ` Alejandro Colomar
2024-03-04 15:09 ` Undefined Behavior in rw_verify_area() (was: sendfile(2) erroneously yields EINVAL on too large counts) Alejandro Colomar
2024-03-04 15:22 ` Matthew Wilcox
2024-03-04 15:31 ` Alejandro Colomar
2024-03-10 18:35 ` sendfile(2) erroneously yields EINVAL on too large counts Jan Engelhardt
2024-03-10 18:53 ` Alejandro Colomar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ze4Bk6UJHVgraFct@debian \
--to=alx@kernel.org \
--cc=jengelh@inai.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).