From dc49cd769b5fa6b7e0114b051c34a849828a7603 Mon Sep 17 00:00:00 2001
From: "Shawn O. Pearce" <spearce@spearce.org>
Date: Tue, 6 Mar 2007 20:44:37 -0500
Subject: Cast 64 bit off_t to 32 bit size_t

Some systems have sizeof(off_t) == 8 while sizeof(size_t) == 4.
This implies that we are able to access and work on files whose
maximum length is around 2^63-1 bytes, but we can only malloc or
mmap somewhat less than 2^32-1 bytes of memory.

On such a system an implicit conversion of off_t to size_t can cause
the size_t to wrap, resulting in unexpected and exciting behavior.
Right now we are working around all gcc warnings generated by the
-Wshorten-64-to-32 option by passing the off_t through xsize_t().

In the future we should make xsize_t on such problematic platforms
detect the wrapping and die if such a file is accessed.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 refs.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'refs.c')

diff --git a/refs.c b/refs.c
index 7a1f89caad..76c08d0360 100644
--- a/refs.c
+++ b/refs.c
@@ -1075,6 +1075,7 @@ int read_ref_at(const char *ref, unsigned long at_time, int cnt, unsigned char *
 	unsigned long date;
 	unsigned char logged_sha1[20];
 	void *log_mapped;
+	size_t mapsz;
 
 	logfile = git_path("logs/%s", ref);
 	logfd = open(logfile, O_RDONLY, 0);
@@ -1083,7 +1084,8 @@ int read_ref_at(const char *ref, unsigned long at_time, int cnt, unsigned char *
 	fstat(logfd, &st);
 	if (!st.st_size)
 		die("Log %s is empty.", logfile);
-	log_mapped = xmmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, logfd, 0);
+	mapsz = xsize_t(st.st_size);
+	log_mapped = xmmap(NULL, mapsz, PROT_READ, MAP_PRIVATE, logfd, 0);
 	logdata = log_mapped;
 	close(logfd);
 
@@ -1136,7 +1138,7 @@ int read_ref_at(const char *ref, unsigned long at_time, int cnt, unsigned char *
 						logfile, show_rfc2822_date(date, tz));
 				}
 			}
-			munmap(log_mapped, st.st_size);
+			munmap(log_mapped, mapsz);
 			return 0;
 		}
 		lastrec = rec;
@@ -1155,7 +1157,7 @@ int read_ref_at(const char *ref, unsigned long at_time, int cnt, unsigned char *
 		die("Log %s is corrupt.", logfile);
 	if (msg)
 		*msg = ref_msg(logdata, logend);
-	munmap(log_mapped, st.st_size);
+	munmap(log_mapped, mapsz);
 
 	if (cutoff_time)
 		*cutoff_time = date;
-- 
cgit v1.2.1