From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from huawei.com (szxga04-in.huawei.com [45.249.212.190]) by sourceware.org (Postfix) with ESMTPS id 318C53857C4A for ; Sun, 16 Aug 2020 08:53:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 318C53857C4A Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nixiaoming@huawei.com Received: from DGGEMS414-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 5643BB67617DE8967710; Sun, 16 Aug 2020 16:53:54 +0800 (CST) Received: from [127.0.0.1] (10.67.102.197) by DGGEMS414-HUB.china.huawei.com (10.3.19.214) with Microsoft SMTP Server id 14.3.487.0; Sun, 16 Aug 2020 16:53:50 +0800 Subject: Re: [PATCH] io:nftw/ftw:fix stack overflow when large nopenfd [BZ #26353] From: Xiaoming Ni To: Paul Eggert CC: References: <20200808084640.49174-1-nixiaoming@huawei.com> <467877bb-172d-b08c-c91b-d95a65c3c31c@cs.ucla.edu> <0da2382b-46b4-a49e-e85b-6560118fc695@huawei.com> Message-ID: <4c546f80-4e85-cbe1-3535-826818ebcf47@huawei.com> Date: Sun, 16 Aug 2020 16:53:50 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.0.1 MIME-Version: 1.0 In-Reply-To: <0da2382b-46b4-a49e-e85b-6560118fc695@huawei.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.67.102.197] X-CFilter-Loop: Reflected X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, BODY_8BITS, GIT_PATCH_0, KAM_DMARC_STATUS, NICE_REPLY_A, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Aug 2020 08:54:01 -0000 On 2020/8/14 19:14, Xiaoming Ni wrote: > On 2020/8/14 4:32, Paul Eggert wrote: >> The patch isn't complete, since it doesn't check for integer overflow >> when multiplying data.maxdir by sizeof (struct dir_data *), where the >> function should also fail with errno == ENOMEM. You can check for >> overflow via intprops.h's INT_MULTIPLY_WRAPV (data.maxdir, sizeof >> (struct dir_data *)), &x) where x is of type size_t. >> > diff --git a/io/ftw.c b/io/ftw.c > index 8c79d29a9e..094aada50c 100644 > --- a/io/ftw.c > +++ b/io/ftw.c > @@ -643,18 +643,32 @@ ftw_startup (const char *dir, int is_nftw, void > *func, int descriptors, >        __set_errno (ENOENT); >        return -1; >      } > +  if (descriptors > getdtablesize()) > +    { > +      __set_errno (EINVAL); > +      return -1; > +    } > linux/include/uapi/linux/fs.h:38:#define INR_OPEN_MAX 4096   /* Hard > limit for nfile rlimits */ > > When data.maxdir is less than getdtablesize(), is there still a > possibility that integer overflow occurs in data.maxdir * sizeof (struct > dir_data *)? > on linux: The maximum number of process file handles is sysctl_nr_open. /proc/sys/fs/nr_open The maximum value is sysctl_nr_open_max. fs/file.c : #define __const_min(x, y) ((x) < (y)? (x): (y)) unsigned int sysctl_nr_open_max = __const_min(INT_MAX, ~(size_t)0/sizeof(void *)) & -BITS_PER_LONG; On a 32 - bit machine, BITS_PER_LONG is 32 INT_MAX is 0x7fffffff SIZE_MAX is 0xffffffff sysctl_nr_open_max is 0x3fffffe0 sysctl_nr_open_max * sizeof (struct dir_data *)) is 0xffffff80 The value is greater than INT_MAX but less than SIZE_MAX. No overflow occurs. On a 64-bit machine BITS_PER_LONG is 64 INT_MAX is 0x7fffffff SIZE_MAX is 0xffffffffffffffff sysctl_nr_open_max is 0x7fffffc0 sysctl_nr_open_max * sizeof (struct dir_data *)) is 0x3ffffff00 The value is greater than INT_MAX but less than SIZE_MAX. No overflow occurs. Thanks Xiaoming Ni