NetBSD Problem Report #47154

From www@NetBSD.org  Sat Nov  3 03:50:14 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 947E663CAFB
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  3 Nov 2012 03:50:14 +0000 (UTC)
Message-Id: <20121103035013.8658563CAFB@www.NetBSD.org>
Date: Sat,  3 Nov 2012 03:50:13 +0000 (UTC)
From: ben@hl9.net
Reply-To: ben@hl9.net
To: gnats-bugs@NetBSD.org
Subject: dd gives strange error on 4095m blocksize
X-Send-Pr-Version: www-1.0

>Number:         47154
>Category:       bin
>Synopsis:       dd gives strange error on 4095m blocksize
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 03 03:55:00 +0000 2012
>Last-Modified:  Fri Dec 26 23:35:00 +0000 2014
>Originator:     Ben Carroll
>Release:        6.0 release
>Organization:
>Environment:
No uname; on installer shell
>Description:
I am using the shell provided by the installer.  I'm not sure if the bug is present elsewhere, but my guess is yes so I did categorize this as an installer bug.  This is a 64 bit intel xeon e3 cpu.  

I have a picture from my KVM session here:
http://tinypic.com/view.php?pic=2qx19o8&s=6

If you notice, I try to use a 4096m blocksize and it informs me that this is 1 byte too large.  If you don't want to look at the picture or the picture is no longer available, to reproduce:

# dd if=/dev/zero of=/dev/rwd0d bs=4096m progress=1 
dd: block size 4294967296 is greater than 4294967295

.. a perfectly reasonable error... however, any larger and:

# dd if=/dev/zero of=/dev/rwd0d bs=4095m progress=1 
dd: /dev/rwd0d: Invalid Argument

And, I tried again with a more reasonable block size to prove I did not detach or do anything to cause rwd0d to become invalid
>How-To-Repeat:
# dd if=/dev/zero of=/dev/rwd0d bs=4095m progress=1 
dd: /dev/rwd0d: Invalid Argument

>Fix:

>Audit-Trail:
From: Miwa Susumu <miwarin@gmail.com>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/47154
Date: Sat, 1 Nov 2014 00:06:12 +0900

 Is this a malloc() bug?

 On my machine (NetBSD 6.1.5 i386), dd gets a segmentation fault.

 % dd if=/dev/zero of=hoge bs=4095m progress=1
 zsh: segmentation fault  dd if=/dev/zero of=hoge bs=4095m progress=1

 What is happening here.

 dd.c setup()

   if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
     if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) {      <====
       err(EXIT_FAILURE, NULL);
       /* NOTREACHED */
     }
     out.db = in.db;


 Note that in.dbsz and out.dbsz are 4293918720.

 Do you need to limit the size of malloc()?

 -- 
 miwarin

From: miwarin@gmail.com
To: gnats-bugs@NetBSD.org,
 gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 ben@hl9.neta
Cc: 
Subject: Re: bin/47154
Date: Sat, 01 Nov 2014 21:26:06 +0900

 On Fri, 31 Oct 2014 15:10:01 +0000 (UTC)
 Miwa Susumu <miwarin@gmail.com> wrote:

 > The following reply was made to PR bin/47154; it has been noted by GNATS.
 > 
 > From: Miwa Susumu <miwarin@gmail.com>
 > To: gnats-bugs@NetBSD.org
 > Cc: 
 > Subject: Re: bin/47154
 > Date: Sat, 1 Nov 2014 00:06:12 +0900
 > 
 >  dd.c setup()
 >  
 >    if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
 >      if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) {      <====
 >        err(EXIT_FAILURE, NULL);
 >        /* NOTREACHED */
 >      }
 >      out.db = in.db;


 I modified it to check the arguments before malloc().


 % diff -u dd.c.orig dd.c
 --- dd.c.orig   2014-11-01 21:13:47.000000000 +0900
 +++ dd.c        2014-11-01 21:15:57.000000000 +0900
 @@ -1,4 +1,4 @@
 -/*     $NetBSD: dd.c,v 1.47.4.2 2012/04/17 00:01:36 yamt Exp $ */
 +/*     $NetBSD: dd.c,v 1.48 2011/11/06 21:22:23 jym Exp $      */

  /*-
   * Copyright (c) 1991, 1993, 1994
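Review bot: the `$NetBSD$` ident line at the top of this hunk should not be part of the patch. It moves from revision 1.47.4.2 (2012/04/17) to 1.48 (2011/11/06), which shows that dd.c.orig and dd.c come from different revisions, so the later hunks can mix unrelated differences between those revisions with the proposed fix. Regenerate the diff against an unmodified copy of the same revision so that only the intended change appears.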
 @@ -43,7 +43,7 @@
  #if 0
  static char sccsid[] = "@(#)dd.c       8.5 (Berkeley) 4/2/94";
  #else
 -__RCSID("$NetBSD: dd.c,v 1.47.4.2 2012/04/17 00:01:36 yamt Exp $");
 +__RCSID("$NetBSD: dd.c,v 1.48 2011/11/06 21:22:23 jym Exp $");
  #endif
  #endif /* not lint */

 @@ -212,10 +212,10 @@
          * record oriented I/O, only need a single buffer.
          */
         if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
 -               size_t dbsz = out.dbsz;
 -               if (!(ddflags & C_BS))
 -                       dbsz += in.dbsz - 1;
 -               if ((in.db = malloc(dbsz)) == NULL) {
 +               if((out.dbsz + in.dbsz - 1) > SIZE_T_MAX) {
 +                       errx(EXIT_FAILURE, "bs must be less than %u", SIZE_T_MAX);
 +               }
 +               if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) {
                         err(EXIT_FAILURE, NULL);
                         /* NOTREACHED */
                 }
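Review bot: the new guard `(out.dbsz + in.dbsz - 1) > SIZE_T_MAX` cannot fire if the dbsz fields are no wider than size_t, because the sum has already wrapped by the time it is compared; test it without adding, for example `in.dbsz - 1 > SIZE_T_MAX - out.dbsz`. The replacement also drops the removed `if (!(ddflags & C_BS))` condition, so `in.dbsz - 1` is now added even when that flag is set, and `%u` does not match SIZE_T_MAX where size_t is not unsigned int (use `%zu` with a size_t argument).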


 -- 
 miwarin

From: Miwa Susumu <miwarin@gmail.com>
To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, 
	ben@hl9.neta
Cc: 
Subject: Re: bin/47154
Date: Sun, 2 Nov 2014 00:19:22 +0900

 2014-11-01 21:26 GMT+09:00  <miwarin@gmail.com>:
 >
 >
 > On Fri, 31 Oct 2014 15:10:01 +0000 (UTC)
 > Miwa Susumu <miwarin@gmail.com> wrote:
 >
 >
 > I was modified to check the arguments before malloc().
 >

 Ah.....
 my source code looks like it was older.
 forget me.
 I should use the current....

 -- 
 miwarin

From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/47154: dd gives strange error on 4095m blocksize
Date: Fri, 26 Dec 2014 23:33:05 +0000

 Not sent to gnats.
 (the procedure is: send mail to gnats-bugs; that goes into the bug
 database and it remails to ~everywhere)

    ------

 From: Miwa Susumu <miwarin@gmail.com>
 To: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, ben@hl9.net
 Subject: Re: bin/47154
 Date: Mon, 3 Nov 2014 01:11:38 +0900

 It would post many times, I'm sorry.

 2014-11-02 0:20 GMT+09:00 Miwa Susumu <miwarin@gmail.com>:
 > The following reply was made to PR bin/47154; it has been noted by GNATS.
 >
 > From: Miwa Susumu <miwarin@gmail.com>
 > To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
 >         ben@hl9.neta
 >  >
 >  > I was modified to check the arguments before malloc().
 >  >
 >
 >  my source code looks like it was older.
 >  I should use the current....

 % uname -msr
 NetBSD 7.99.1 i386


 Again I will die here.

 dd.c setup()

   if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
     size_t dbsz = out.dbsz;
     if (!(ddflags & C_BS))
       dbsz += in.dbsz - 1;
     if ((in.db = malloc(dbsz)) == NULL) {   <====
       err(EXIT_FAILURE, NULL);
       /* NOTREACHED */
     }
     out.db = in.db;


 By the way, do you know the behavior of malloc?

 example:
 4294967295u (SIZE_T_MAX) is an error. that's ok.
 4293918720u (4095m) segmentation fault. It is not an error.

 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>	/* strerror() */
 #include <errno.h>

 int main(int ac, char** av)
 {
   char* buf0;
   char* buf1;

   buf0 = malloc( 4294967295u );
   if(buf0 == NULL) printf("%s\n", strerror(errno));
   if(buf0 != NULL) free(buf0);

   buf1 = malloc( 4293918720u );
   if(buf1 == NULL) printf("%s\n", strerror(errno));
   if(buf1 != NULL) free(buf1);
   return 0;
 }


 4293918720u is smaller than 4294967295u.
 However, why is it not an error?
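
The size computation discussed in this thread, as an added example that is not NetBSD's dd code and is not part of any message above: it models a 32-bit size_t (i386) with `uint32_t` so the result is the same on any host, and compares the unchecked sum with an overflow-safe one. The names `size32_t`, `bufsize_unchecked`, `bufsize_checked` and the `have_bs` parameter (standing in for the `ddflags & C_BS` test) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit size_t (i386), so the result is the same on any host. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Unchecked form, as in the older setup(): the sum wraps modulo 2^32. */
static size32_t
bufsize_unchecked(size32_t in_dbsz, size32_t out_dbsz)
{
	return out_dbsz + in_dbsz - 1;
}

/*
 * Checked form: compute out_dbsz (+ in_dbsz - 1 unless bs= was given)
 * and reject the request when the true sum does not fit in size32_t.
 * Each comparison is arranged so that no intermediate value can wrap.
 */
static bool
bufsize_checked(size32_t in_dbsz, size32_t out_dbsz, bool have_bs,
    size32_t *result)
{
	size32_t extra;

	if (in_dbsz == 0 || out_dbsz == 0)
		return false;		/* a zero block size is invalid */
	extra = have_bs ? 0 : in_dbsz - 1;
	if (extra > SIZE32_MAX - out_dbsz)
		return false;		/* sum would exceed SIZE32_MAX */
	*result = out_dbsz + extra;
	return true;
}

int
main(void)
{
	const size32_t bs = 4293918720u;	/* 4095m, the value from the report */
	size32_t n = 0;

	printf("unchecked: %u\n", (unsigned)bufsize_unchecked(bs, bs));
	printf("checked, no bs=: %s\n",
	    bufsize_checked(bs, bs, false, &n) ? "ok" : "rejected");
	if (bufsize_checked(bs, bs, true, &n))
		printf("checked, bs=: %u\n", (unsigned)n);
	return 0;
}
```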
