Bug 975489

Summary: Additional flags might have no effect on 32bit architectures
Product: Red Hat Enterprise Linux 6 Reporter: Jakub Hrozek <jhrozek>
Component: libteventAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: apeetham, asn, dpal, lnovich
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libtevent-0.9.18-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 975488 Environment:
Last Closed: 2013-11-21 05:42:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 975488, 975490    
Bug Blocks:    

Description Jakub Hrozek 2013-06-18 15:07:36 UTC 
+++ This bug was initially created as a clone of Bug #975488 +++

Description of problem:
Samba upstream found via Coverity check that the latest tevent (which we rebase to in 5.10) contains a bug. There is an assignment from uint64_t to unsigned int and later a comparison against UINT64_t. On 32bit platforms, "unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false.

Version-Release number of selected component (if applicable):
0.9.18

How reproducible:
N/A

Steps to Reproduce:
1. don't reproduce, just sanity testing.
2.
3.

Actual results:


Expected results:


Additional info:

$ git log  dd0e38b5feb51c8aa44e76bb6c84202bf8373005 -1 -p
commit dd0e38b5feb51c8aa44e76bb6c84202bf8373005
Author: Volker Lendecke <vl>
Date:   Thu Jun 13 20:35:32 2013 +0200

    tevent: Fix Coverity ID 989236 Operands don't affect result
    
    "unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false.
    
    Signed-off-by: Volker Lendecke <vl>
    Reviewed-by: Jeremy Allison <jra>

diff --git a/lib/tevent/tevent_poll.c b/lib/tevent/tevent_poll.c
index c6e2a00..75d0ced 100644
--- a/lib/tevent/tevent_poll.c
+++ b/lib/tevent/tevent_poll.c
@@ -546,7 +546,7 @@ static int poll_event_loop_poll(struct tevent_context *ev,
           the handler to remove itself when called */
 
        for (fde = ev->fd_events; fde; fde = fde->next) {
-               unsigned idx = fde->additional_flags;
+               uint64_t idx = fde->additional_flags;
                struct pollfd *pfd;
                uint16_t flags = 0;
Comment 7 Amith 2013-10-25 14:09:26 UTC 
Verified the bug on libtevent version: libtevent-0.9.18-3.el6

Sanity tests passed and no related regression detected.
Comment 9 errata-xmlrpc 2013-11-21 05:42:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1552.html