Bug 975488
| Summary: | Additional flags might have no effect on 32bit architectures | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jakub Hrozek <jhrozek> | |
| Component: | libtevent | Assignee: | Jakub Hrozek <jhrozek> | |
| Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 5.10 | CC: | apeetham, asn, dpal | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | libtevent-0.9.18-2.el5 | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: A condition in the poll backend copied a 64bit variable into an unsigned int variable, which smaller than 64bit on 32bit architectures.
Consequence: Later, using that unsigned int variable in a condition rendered that condition to be always false
Fix: The variable was fixed to be of uint64_t, guaranteeing its width to be 64 bits on all architectures.
Result: The condition now yields expected results.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 975489 975490 (view as bug list) | Environment: | ||
| Last Closed: | 2013-09-30 23:22:23 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 975489, 975490 | |||
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. Verified on libtevent-0.9.18-2.el5. Sanity tests passed and no related regression detected. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1343.html |
Description of problem: Samba upstream found via Coverity check that the latest tevent (which we rebase to in 5.10) contains a bug. There is an assignment from uint64_t to unsigned int and later a comparison against UINT64_t. On 32bit platforms, "unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false. Version-Release number of selected component (if applicable): 0.9.18 How reproducible: N/A Steps to Reproduce: 1. don't reproduce, just sanity testing. 2. 3. Actual results: Expected results: Additional info: $ git log dd0e38b5feb51c8aa44e76bb6c84202bf8373005 -1 -p commit dd0e38b5feb51c8aa44e76bb6c84202bf8373005 Author: Volker Lendecke <vl> Date: Thu Jun 13 20:35:32 2013 +0200 tevent: Fix Coverity ID 989236 Operands don't affect result "unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false. Signed-off-by: Volker Lendecke <vl> Reviewed-by: Jeremy Allison <jra> diff --git a/lib/tevent/tevent_poll.c b/lib/tevent/tevent_poll.c index c6e2a00..75d0ced 100644 --- a/lib/tevent/tevent_poll.c +++ b/lib/tevent/tevent_poll.c @@ -546,7 +546,7 @@ static int poll_event_loop_poll(struct tevent_context *ev, the handler to remove itself when called */ for (fde = ev->fd_events; fde; fde = fde->next) { - unsigned idx = fde->additional_flags; + uint64_t idx = fde->additional_flags; struct pollfd *pfd; uint16_t flags = 0;