bin/113399: growfs has singed int overflow in printf
Staffan Ulfberg
staffan at ulfberg.se
Wed Jun 6 03:20:03 UTC 2007
>Number: 113399
>Category: bin
>Synopsis: growfs has singed int overflow in printf
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 06 03:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Staffan Ulfberg
>Release: 6.2-STABLE
>Organization:
Harmonicode AB
>Environment:
FreeBSD multivac.fatburen.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun May 6 19:09:39 CEST 2007 staffanu at multivac.fatburen.org:/usr/obj/usr/src/sys/MULTIVAC i386
>Description:
When growfs prints out the cylinder numbers that are used for suber-block backups, it prints negative numbers for cylinders that are larger than 2^31.
The utility still works (at least it did for me when growing a 1.3 TB file system to 1.5 TB), but it looks quite worrying. I for one did not proceed to actually run the tool (after having tested with -N) until I had checked the source code to see that the problem only appears in the printout.
>How-To-Repeat:
Run growfs on a file system larger than 1 TB.
>Fix:
multivac# diff -u growfs.c.orig growfs.c
--- growfs.c.orig Wed Jun 6 05:13:05 2007
+++ growfs.c Wed Jun 6 05:13:44 2007
@@ -259,8 +259,8 @@
*/
for (cylno = osblock.fs_ncg; cylno < sblock.fs_ncg; cylno++) {
initcg(cylno, utime, fso, Nflag);
- j = sprintf(tmpbuf, " %d%s",
- (int)fsbtodb(&sblock, cgsblock(&sblock, cylno)),
+ j = sprintf(tmpbuf, " %jd%s",
+ (intmax_t)fsbtodb(&sblock, cgsblock(&sblock, cylno)),
cylno < (sblock.fs_ncg-1) ? "," : "" );
if (i + j >= width) {
printf("\n");
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list