This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC PATCH 51/52] Y2038: add RPC functions
Hi Paul,
On Fri, 8 Sep 2017 12:59:27 -0700, Paul Eggert <eggert@cs.ucla.edu>
wrote :
> On 09/08/2017 10:49 AM, Albert ARIBAUD (3ADEV) wrote:
> > +CLIENT *
> > +__clntudp_create64 (struct sockaddr_in *raddr, u_long program,
> > u_long version,
> > + struct __timeval64 wait, int *sockp)
> > +{
> > + struct timeval wait32;
> > + if (wait.tv_sec > INT_MAX)
> > + {
> > + return NULL;
> > + }
> > + return clntudp_create (raddr, program, version, wait32, sockp);
> > +}
>
> I'm not seeing how this could work. The code does not copy the value
> of 'wait' to 'wait32'. And the code doesn't have a proper check for
> fitting in 'int', e.g., it will do the wrong thing for INT_MIN - 1L.
> And there's no error status set when the time is out of range.
That's a cut/paste typo during a recent cleanup round :( --
__clntudp_bufcreate64 is missing the same two lines which are present
in __pmap_rmtcall_t64 and copy the timeout into its 32-bit counterpart.
Thanks for spotting this, will add the missing lines (or possibly a
call to a conversion function, similar to your suggestion below).
> I haven't reviewed the patches carefully, just caught this in a spot
> check. Please look systematically for similar errors.
Will do.
> While you're doing that systematic review, I suggest putting something
> like the following code into a suitable private include file, and using
> it to tell whether a __time64_t value is in time_t range. This will
> generate zero instructions when time_t is 64-bit, so generic callers can
> use this function without needing any ifdefs and without losing any
> performance on 64-bit time_t platforms. You should write similar static
> functions for checking whether struct __timeval64 is in struct timeval
> range, and similarly for struct __timespec64. These can check for the
> subseconds parts being in range, as needed (watch for x32 here). The
> idea is to be systematic about this stuff and to do it in one place, to
> avoid ticky-tack range bugs such as are in the above-quoted code.
>
> /* time_t is always 'long int' in the GNU C Library. */
> #define TIME_T_MIN LONG_MIN
> #define TIME_T_MAX LONG_MAX
BTW, time_t is a signed int, but its negative range is not completely
usable since (time_t)-1 is used as an error status. So should the
TIME_T_MIN limit be LONG_MIN or should it be 0?
> static inline bool
> fits_in_time_t (__time64_t t)
> {
> #if 7 <= __GNUC__
> return !__builtin_add_overflow_p (t, 0, TIME_T_MAX);
> #endif
> return TIME_T_MIN <= t && t <= TIME_T_MAX;
> }
Will do -- in fact, as I hinted above, I'll probably augment this with
timeval and timespec test and conversion functions to automate things
such as setting errno to EOVERFLOW if the conversion cannot be done.
Thanks for your comment and suggestion!
Cordialement,
Albert ARIBAUD
3ADEV