Bug 975489 - Additional flags might have no effect on 32bit architectures
Additional flags might have no effect on 32bit architectures
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libtevent (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On: 975488 975490
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-18 11:07 EDT by Jakub Hrozek
Modified: 2013-11-21 00:42 EST (History)
4 users (show)

See Also:
Fixed In Version: libtevent-0.9.18-2.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 975488
Environment:
Last Closed: 2013-11-21 00:42:26 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jakub Hrozek 2013-06-18 11:07:36 EDT
+++ This bug was initially created as a clone of Bug #975488 +++

Description of problem:
Samba upstream found via Coverity check that the latest tevent (which we rebase to in 5.10) contains a bug. There is an assignment from uint64_t to unsigned int and later a comparison against UINT64_t. On 32bit platforms, "unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false.

Version-Release number of selected component (if applicable):
0.9.18

How reproducible:
N/A

Steps to Reproduce:
1. don't reproduce, just sanity testing.
2.
3.

Actual results:


Expected results:


Additional info:

$ git log  dd0e38b5feb51c8aa44e76bb6c84202bf8373005 -1 -p
commit dd0e38b5feb51c8aa44e76bb6c84202bf8373005
Author: Volker Lendecke <vl@samba.org>
Date:   Thu Jun 13 20:35:32 2013 +0200

    tevent: Fix Coverity ID 989236 Operands don't affect result
    
    "unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false.
    
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/lib/tevent/tevent_poll.c b/lib/tevent/tevent_poll.c
index c6e2a00..75d0ced 100644
--- a/lib/tevent/tevent_poll.c
+++ b/lib/tevent/tevent_poll.c
@@ -546,7 +546,7 @@ static int poll_event_loop_poll(struct tevent_context *ev,
           the handler to remove itself when called */
 
        for (fde = ev->fd_events; fde; fde = fde->next) {
-               unsigned idx = fde->additional_flags;
+               uint64_t idx = fde->additional_flags;
                struct pollfd *pfd;
                uint16_t flags = 0;
Comment 7 Amith 2013-10-25 10:09:26 EDT
Verified the bug on libtevent version: libtevent-0.9.18-3.el6

Sanity tests passed and no related regression detected.
Comment 9 errata-xmlrpc 2013-11-21 00:42:26 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1552.html

Note You need to log in before you can comment on or make changes to this bug.