[uClibc 0001303]: mmap: unsigned shift operation => overflow error

bugs at busybox.net
Fri Sep 26 08:26:51 UTC 2008


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=1303 
====================================================================== 
Reported By:                anlo
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   1303
Category:                   Architecture Specific
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             04-05-2007 01:47 PDT
Last Modified:              09-26-2008 01:26 PDT
====================================================================== 
Summary:                    mmap: unsigned shift operation => overflow error
Description: 
Product version: 0.9.29 (2007-04-02)

When trying to map /dev/mem with offset 0xFFFFF000 on the ARM platform,
mmap returns -EOVERFLOW. After some investigation, I have found the cause
in uClibc/libc/sysdeps/linux/arm/mmap.c:

Since off_t is defined as a long int and the sign bit is set in the
address, the shift operation at line 45 (see below) shifts in ones instead
of zeroes from the left. This results in the offset sent to the kernel
function becoming 0xFFFFFFFF instead of 0x000FFFFF with MMAP2_PAGE_SHIFT
set to 12.

(off_t) (offset >> MMAP2_PAGE_SHIFT)

Proposed change, since the kernel function (do_mmap) expects offset as
unsigned long:

((unsigned long) offset >> MMAP2_PAGE_SHIFT)

====================================================================== 

---------------------------------------------------------------------- 
 khem - 05-09-07 13:25  
---------------------------------------------------------------------- 
Yes this should fix the problem. I verified it. However the same fix needs
to be applied to ./libc/sysdeps/linux/common/mmap64.c as well 

---------------------------------------------------------------------- 
 khem - 05-14-07 17:40  
---------------------------------------------------------------------- 
A patch which fixes this problem has been installed on trunk. Please verify
with the latest trunk.

Here is the patch as applied.

http://uclibc.org/lists/uclibc-cvs/2007-May/011360.html 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-05-07 01:47  anlo           New Issue                                    
04-05-07 01:47  anlo           Status                   new => assigned     
04-05-07 01:47  anlo           Assigned To               => uClibc          
04-05-07 01:50  anlo           Issue Monitored: anlo                        
05-09-07 13:25  khem           Note Added: 0002350                          
05-14-07 17:40  khem           Note Added: 0002358                          
09-26-08 01:26  bernhardf      Status                   assigned => closed  
======================================================================
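
Added example (not part of the original report or of the uClibc source): a host-runnable C model of the two shift expressions quoted in the description, with int32_t and uint32_t standing in for the 32-bit ARM off_t and unsigned long. The names arm_off_t, arm_ulong, pgoff_signed_shift, pgoff_unsigned_shift and model_kernel_check are assumptions, and the wraparound test is a simplified model of a kernel-side page-offset check, not kernel code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MMAP2_PAGE_SHIFT 12

/* Assumption: on 32-bit ARM, off_t is a 32-bit signed long and
 * unsigned long is 32 bits. Fixed-width types model that on any host. */
typedef int32_t  arm_off_t;
typedef uint32_t arm_ulong;

/* Expression from the report: the shift is done on the signed type.
 * Right-shifting a negative value is implementation-defined in C;
 * GCC and Clang sign-extend, which is the behaviour described. */
static arm_ulong pgoff_signed_shift(arm_off_t offset)
{
    return (arm_ulong)(arm_off_t)(offset >> MMAP2_PAGE_SHIFT);
}

/* Proposed expression: convert to unsigned first, so zeroes shift in. */
static arm_ulong pgoff_unsigned_shift(arm_off_t offset)
{
    return (arm_ulong)offset >> MMAP2_PAGE_SHIFT;
}

/* Simplified model (assumption) of a page-offset wraparound check:
 * reject the mapping if pgoff plus the length in pages wraps around. */
static int model_kernel_check(arm_ulong pgoff, arm_ulong len)
{
    arm_ulong pages = len >> MMAP2_PAGE_SHIFT;
    return ((arm_ulong)(pgoff + pages) < pgoff) ? -EOVERFLOW : 0;
}

int main(void)
{
    /* Offset from the report; its sign bit is set in a 32-bit off_t. */
    arm_off_t offset = (arm_off_t)0xFFFFF000u;
    arm_ulong bad  = pgoff_signed_shift(offset);
    arm_ulong good = pgoff_unsigned_shift(offset);

    printf("signed shift:   pgoff=0x%08X check=%d\n",
           (unsigned)bad, model_kernel_check(bad, 4096));
    printf("unsigned shift: pgoff=0x%08X check=%d\n",
           (unsigned)good, model_kernel_check(good, 4096));
    return 0;
}
```

Offsets below 0x80000000 give the same page offset with either expression, which is why the defect only shows up for mappings in the upper half of the 32-bit address range.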



