Buggy sbspace() on 64bit builds?

Anuranjan Shukla anshukla at juniper.net
Fri Feb 6 03:25:39 UTC 2015


Hi,
The way sbspace() is done today, it stores the result of subtraction of
socket buffer variables (u_int) in longs, and returns a long. If one of
the subtractions results in a -ve result (the other being positive), it's
seen as a large +ve and sbspace() ends up returning the wrong value.
I'm not sure if this is enough of a corner case for consumers at large
to experience it, but at Juniper some of our implementations use sbspace
directly and trip up on this for amd64 builds. Any thoughts on what a fix
should be for this?

Thanks
Anu

---------------------------
long
sbspace(struct sockbuf *sb)
{
        long bleft;
        long mleft;

        if (sb->sb_flags & SB_STOP)
                return(0);
        /* sb_hiwat, sb_cc, sb_mbmax and sb_mbcnt are u_int: each subtraction
         * is evaluated in unsigned arithmetic and only then widened to long,
         * so a deficit (cc > hiwat, or mbcnt > mbmax) wraps to a large
         * positive value on 64-bit targets instead of going negative. */
        bleft = sb->sb_hiwat - sb->sb_cc;
        mleft = sb->sb_mbmax - sb->sb_mbcnt;
        return((bleft < mleft) ? bleft : mleft);
}
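The wraparound described in the post, reproduced as an added example (this is not the poster's code and not FreeBSD's struct sockbuf; the struct below is a constructed stand-in holding only the four u_int counters the quoted function reads). sbspace_buggy() mirrors the arithmetic quoted above; sbspace_fixed() is one hypothetical correction, widening each operand to long before subtracting. The demo values are constructed, and the expected results assume an LP64 target (amd64: 32-bit unsigned int, 64-bit long), which is exactly the build the post reports the problem on.

```c
#include <stdio.h>
#include <limits.h>

/* Constructed stand-in for the sockbuf fields sbspace() reads (u_int in the
 * kernel, as in the quoted code). Not the real struct sockbuf. */
struct sockbuf_counts {
    unsigned int sb_hiwat;   /* byte high-water mark */
    unsigned int sb_cc;      /* bytes currently queued */
    unsigned int sb_mbmax;   /* mbuf byte limit */
    unsigned int sb_mbcnt;   /* mbuf bytes currently in use */
};

/* Same arithmetic as the quoted sbspace(): the subtraction happens in
 * unsigned int and is widened to long afterwards, so a negative result has
 * already wrapped to roughly UINT_MAX before it lands in the long. */
long sbspace_buggy(const struct sockbuf_counts *sb)
{
    long bleft = sb->sb_hiwat - sb->sb_cc;
    long mleft = sb->sb_mbmax - sb->sb_mbcnt;
    return (bleft < mleft) ? bleft : mleft;
}

/* Hypothetical fix: convert each operand to long first, so the subtraction
 * is signed and a deficit stays negative (assumes long is wider than u_int,
 * true on LP64 targets such as amd64). */
long sbspace_fixed(const struct sockbuf_counts *sb)
{
    long bleft = (long)sb->sb_hiwat - (long)sb->sb_cc;
    long mleft = (long)sb->sb_mbmax - (long)sb->sb_mbcnt;
    return (bleft < mleft) ? bleft : mleft;
}

/* Constructed case: the byte count has overshot its high-water mark by 500,
 * while the mbuf side still has 4000 bytes of headroom. */
static struct sockbuf_counts overfull_case(void)
{
    struct sockbuf_counts s = { 1000u, 1500u, 8000u, 4000u };
    return s;
}

/* Constructed case with headroom on both sides: no wrap, both versions agree. */
static struct sockbuf_counts normal_case(void)
{
    struct sockbuf_counts s = { 1000u, 200u, 8000u, 7500u };
    return s;
}

long demo_buggy_overfull(void) { struct sockbuf_counts s = overfull_case(); return sbspace_buggy(&s); }
long demo_fixed_overfull(void) { struct sockbuf_counts s = overfull_case(); return sbspace_fixed(&s); }
long demo_buggy_normal(void)   { struct sockbuf_counts s = normal_case();   return sbspace_buggy(&s); }
long demo_fixed_normal(void)   { struct sockbuf_counts s = normal_case();   return sbspace_fixed(&s); }

int main(void)
{
    printf("sizeof(long)=%zu sizeof(unsigned int)=%zu\n", sizeof(long), sizeof(unsigned int));
    /* On LP64 the buggy version reports 4000 bytes free (the wrapped bleft,
     * about 4.29e9, loses the min() to mleft); the fixed one reports -500. */
    printf("overfull: buggy=%ld fixed=%ld\n", demo_buggy_overfull(), demo_fixed_overfull());
    printf("normal:   buggy=%ld fixed=%ld\n", demo_buggy_normal(), demo_fixed_normal());
    return 0;
}
```

In the overfull case the wrapped bleft (2^32 - 500) is larger than mleft, so the unsigned version silently returns the mbuf headroom instead of the negative byte deficit; any caller that treats a non-negative sbspace() as "room to append" will keep queueing past sb_hiwat. Widening before subtracting is one way to keep the comparison signed; clamping the u_int counters before the subtraction would be another.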