
Re: gunzip store trouble identified

From: Roland McGrath
Subject: Re: gunzip store trouble identified
Date: Mon, 11 Mar 2002 18:09:16 -0500 (EST)

> Because the size of the first run is smaller than that, store_read tries
> to read from multiple stores.

You mean multiple runs.

> Because in this case store_next_run is called, and store_next_run wraps
> around, this will succeed.

That should not happen.  It should not be wrapping around at all for most
stores.  I suspect that what's needed is an end-of-store check in
store_next_run, or perhaps better yet in store_read/store_write.  This is
another case where the code was written to assume no calls off the end of
the store.  For store_write, it should just have a check for trying to
write past the end of the store and return EINVAL or EIO or something at
the start.  For store_read, it should cap the addr+amount to the store
size when it's known.

> Now, store_read returns 256kb, and that wretches things in zread badly.

Even with store_read fixed, it looks to me that zread has a bug.
store_read may return a shorter length in NEW_IN_BUF_LEN without changing
NEW_IN_BUF.  In that case, the code now will ignore NEW_IN_BUF_LEN and
think the whole buffer has data.  It needs to notice the value returned,
but also keep track of the whole buffer size so it munmap's all the pages.
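
The end-of-store handling suggested in this message, sketched as an added example; it is not part of the original mail and not Hurd libstore code. The `toy_*` types, functions and the two-run sample store are hypothetical and constructed for illustration; a caller must use the returned `*len` rather than the amount it asked for.

```c
/* Added illustration, not Hurd libstore code; every name is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

struct toy_run { size_t start, length; };   /* extent within backing[] */
struct toy_store {
    const unsigned char *backing;
    const struct toy_run *runs;
    size_t num_runs;
    size_t size;                             /* sum of all run lengths */
};

/* Constructed sample: store bytes "ABCDEFGH" held in two runs. */
const unsigned char toy_backing[8] = {'E','F','G','H','A','B','C','D'};
const struct toy_run toy_runs[2] = { {4, 4}, {0, 4} };
const struct toy_store toy_sample = { toy_backing, toy_runs, 2, 8 };

/* Read up to amount bytes at store address addr into buf; *len receives the
   count actually read. The request is capped to the store size, and the run
   walk ends at the last run instead of wrapping to the first. */
int toy_read(const struct toy_store *s, size_t addr, size_t amount,
             unsigned char *buf, size_t *len)
{
    *len = 0;
    if (addr > s->size)
        return EINVAL;
    if (amount > s->size - addr)             /* overflow-safe cap */
        amount = s->size - addr;
    for (size_t i = 0; i < s->num_runs && amount > 0; i++) {
        const struct toy_run *r = &s->runs[i];
        if (addr >= r->length) {             /* request starts in a later run */
            addr -= r->length;
            continue;
        }
        size_t n = r->length - addr < amount ? r->length - addr : amount;
        memcpy(buf + *len, s->backing + r->start + addr, n);
        *len += n;
        amount -= n;
        addr = 0;
    }
    return 0;
}

/* Write-side check done up front: refuse a range that passes the end. */
int toy_write_check(const struct toy_store *s, size_t addr, size_t amount)
{
    return (addr > s->size || amount > s->size - addr) ? EINVAL : 0;
}
```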
