From: Joe Buehler <jbuehler@hekimian.com>
Newsgroups: gmane.os.cygwin
Subject: off-by-one problem in dtable.cc?
Date: Mon, 24 Jun 2002 16:00:55 -0400
Message-ID: <3D177A77.3030400@hekimian.com>

The following code in dtable::dup2() determines whether the fd table
should be expanded, and how much:

   if ((size_t) newfd >= size)
    {
      int inc_size = NOFILE_INCR * ((newfd + NOFILE_INCR - 1) / NOFILE_INCR) -
                     size;
      extend (inc_size);
    }

Consider:

NOFILE_INCR is #defined to be 32.  If size is 32, and newfd is 32, then
inc_size will be: 32 * ((32 + 32 - 1) / 32) - 32 == 0, so the fdtable
will not be expanded, and interesting things will undoubtedly ensue!

I think it should be:

   if ((size_t) newfd >= size)
    {
      int inc_size = NOFILE_INCR * (newfd / NOFILE_INCR + 1) - size;
      extend (inc_size);
    }

Joe Buehler
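
The two increment formulas from the message above, compared over a range of descriptors rather than only the single case in the post. This is an added example, not part of the original message or of the Cygwin sources; the helper names (inc_original, inc_proposed, covers, count_uncovered) are hypothetical, and NOFILE_INCR is 32 as stated in the post.

```cpp
#include <cstddef>
#include <cstdio>

#define NOFILE_INCR 32   /* value given in the post */

/* Increment as computed by the code quoted from dtable::dup2(). */
static int inc_original(int newfd, size_t size)
{
    return NOFILE_INCR * ((newfd + NOFILE_INCR - 1) / NOFILE_INCR) - (int) size;
}

/* Increment as proposed in the post. */
static int inc_proposed(int newfd, size_t size)
{
    return NOFILE_INCR * (newfd / NOFILE_INCR + 1) - (int) size;
}

/* After extend(inc), newfd is a valid index only if newfd < size + inc. */
static bool covers(int newfd, size_t size, int inc)
{
    return inc > 0 && (size_t) newfd < size + (size_t) inc;
}

/* Count the newfd values in [size, limit) for which the table, once
   extended by formula(newfd, size), still has no slot for newfd. */
static int count_uncovered(int (*formula)(int, size_t), size_t size, int limit)
{
    int bad = 0;
    for (int newfd = (int) size; newfd < limit; newfd++)
        if (!covers(newfd, size, formula(newfd, size)))
            bad++;
    return bad;
}

int main()
{
    const size_t size = 32;   /* constructed starting table size */
    const int limit = 256;    /* constructed upper bound for the sweep */

    std::printf("size=32 newfd=32: original inc=%d, proposed inc=%d\n",
                inc_original(32, size), inc_proposed(32, size));
    std::printf("uncovered newfd values in [32,256): original=%d proposed=%d\n",
                count_uncovered(inc_original, size, limit),
                count_uncovered(inc_proposed, size, limit));
    return 0;
}
```

The sweep shows that the original rounding falls short for every newfd that is an exact multiple of NOFILE_INCR, not only for newfd == size.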





