Re: lseek/llseek allows the negative offset

From: Andrea Arcangeli (andrea@suse.de)
Date: Sat Nov 18 2000 - 22:07:04 EST

On Sat, Nov 18, 2000 at 05:20:34PM -0800, H . J . Lu wrote:
> Try this again 2.2.18pre21. It works for me.
>
>
> --
> H.J. Lu (hjl@valinux.com)
> ---
> --- linux/fs/ext2/file.c.lseek Sat Nov 18 17:18:49 2000
> +++ linux/fs/ext2/file.c Sat Nov 18 17:19:28 2000
> @@ -120,6 +120,8 @@ static long long ext2_file_lseek(
> case 1:
> offset += file->f_pos;
> }
> + if (offset < 0)
> + return -EINVAL;
> if (((unsigned long long) offset >> 32) != 0) {
> #if BITS_PER_LONG < 64
> return -EINVAL;

It's not enough for 2.2.x (and you left the `>> 32' nosense check).

2.2.x vanilla (so non-lfs) is getting wrong both 32bit and 64bit:

1) 32bit can lseek over 2G and it can return bogus retval

main()
{
        int fd = creat("x", 0600);
        lseek(fd, 0x7fffffff, 1);
        lseek(fd, 0x7fffffff, 1);
}

lseek(3, 2147483647, SEEK_CUR) = 2147483647
lseek(3, 2147483647, SEEK_CUR) = -1 ENOENT (No such file or directory)

(this isn't really -ENOENT but it's just trying to return a succesful -2 value)

2) 64bit can lseek over ext2_max_sizes and it can return bogus retvals

main()
{
        int fd = creat("x", 0600);
        lseek(fd, -2, 0);
}

open("x", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 3
lseek(3, 18446744073709551614, SEEK_SET) = -1 ENOENT (No such file or directory)

(this isn't really -ENOENT but it's just trying to return a succesful -2 value)

This will cure 2.2.x vanilla:

--- 2.2.18pre21/fs/ext2/file.c.~1~ Sun Nov 12 00:45:42 2000
+++ 2.2.18pre21/fs/ext2/file.c Sun Nov 19 03:59:29 2000
@@ -120,14 +120,14 @@
                 case 1:
                         offset += file->f_pos;
         }
- if (((unsigned long long) offset >> 32) != 0) {
 #if BITS_PER_LONG < 64
+ if (offset >> 31)
                 return -EINVAL;
 #else
- if (offset > ext2_max_sizes[EXT2_BLOCK_SIZE_BITS(inode->i_sb)])
- return -EINVAL;
+ if (offset < 0 ||
+ offset > ext2_max_sizes[EXT2_BLOCK_SIZE_BITS(inode->i_sb)])
+ return -EINVAL;
 #endif
- }
         if (offset != file->f_pos) {
                 file->f_pos = offset;
                 file->f_reada = 0;

and this will remove the nosense stuff from 2.4.x:

--- 2.4.0-test11-pre6/fs/ext2/file.c.~1~ Thu Nov 16 15:37:32 2000
+++ 2.4.0-test11-pre6/fs/ext2/file.c Sun Nov 19 04:03:27 2000
@@ -53,12 +53,9 @@
                 case 1:
                         offset += file->f_pos;
         }
- if (offset<0)
+ if (offset < 0 ||
+ offset > ext2_max_sizes[EXT2_BLOCK_SIZE_BITS(inode->i_sb)])
                 return -EINVAL;
- if (((unsigned long long) offset >> 32) != 0) {
- if (offset > ext2_max_sizes[EXT2_BLOCK_SIZE_BITS(inode->i_sb)])
- return -EINVAL;
- }
         if (offset != file->f_pos) {
                 file->f_pos = offset;
                 file->f_reada = 0;

(the above is also ok for 2.2.x-lfs and I'll fix it that way)

Andrea
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:16 EST