On Thu, 8 Aug 2024, Jeremy Harris via Exim-dev wrote:
> On 08/08/2024 12:02, Andrew C Aitchison via Exim-dev wrote:
>> However
>> gcc -O ~eximtest/git/Exim/exim/src/build-Linux-x86_64/rda.c -c /dev/null
>> fails on Ubuntu 24-04/Noble, so I think we have to do something.
>
> I'm not convinced that pandering to broken compilers is
> a route that is likely enough to be ever-terminating.
>
> Without having looked into that code you're in - might there
> be an arguable case for using an unsigned type?
An arguable case, definitely. A clear safe case, no.
The fundamental problem is that we are trying to compare the
output of read or write (a ssize_t) with the count that we
passed in (a size_t).
libc and POSIX.1 pass the buck by declaring that the
behavior is implementation defined when count > SSIZE_MAX.
It doesn't help that we are using an *int* (i.e. 31 bits) to store this
count (which guarantees we have truncation and sign extension in the
worst cases). It is written to and read from a pipe,
but I don't know whether there is another process between rda_write_string
and rda_read_string and hence whether we can change the type at all.
To clear this up properly we would need to look at Ustrlen() too
- it casts a size_t to an int.
All rather frustrating when Linux guarantees that read() will never
read as much as UINT_MAX and even that is much bigger than a reasonable
.forward file.
--
Andrew C. Aitchison Kendal, UK
andrew@???