bin/113399: growfs has singed int overflow in printf

Staffan Ulfberg staffan at
Wed Jun 6 03:20:03 UTC 2007

>Number:         113399
>Category:       bin
>Synopsis:       growfs has singed int overflow in printf
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 06 03:20:02 GMT 2007
>Originator:     Staffan Ulfberg
>Release:        6.2-STABLE
Harmonicode AB
FreeBSD 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun May  6 19:09:39 CEST 2007     staffanu at  i386
When growfs prints out the cylinder numbers that are used for suber-block backups, it prints negative numbers for cylinders that are larger than 2^31.

The utility still works (at least it did for me when growing a 1.3 TB file system to 1.5 TB), but it looks quite worrying.  I for one did not proceed to actually run the tool (after having tested with -N) until I had checked the source code to see that the problem only appears in the printout.

Run growfs on a file system larger than 1 TB.
multivac# diff -u growfs.c.orig growfs.c
--- growfs.c.orig       Wed Jun  6 05:13:05 2007
+++ growfs.c    Wed Jun  6 05:13:44 2007
@@ -259,8 +259,8 @@
        for (cylno = osblock.fs_ncg; cylno < sblock.fs_ncg; cylno++) {
                initcg(cylno, utime, fso, Nflag);
-               j = sprintf(tmpbuf, " %d%s",
-                   (int)fsbtodb(&sblock, cgsblock(&sblock, cylno)),
+               j = sprintf(tmpbuf, " %jd%s",
+                   (intmax_t)fsbtodb(&sblock, cgsblock(&sblock, cylno)),
                    cylno < (sblock.fs_ncg-1) ? "," : "" );
                if (i + j >= width) {


More information about the freebsd-bugs mailing list