opensc unreliable on 64-bit systems

[ken]

There is a somewhat pervasive assumption in the code that sizeof(size_t) == sizeof(int). This is pretty much true on all 32-bit systems I know of, but it is often false on 64-bit systems. Depending on the specific compiler and compiler flags used, bugs caused by this assumption might be masked, or may cause mysterious failures. One specific example (and a minimal patch to fix this one problem) are attached, but in general the code ought to be reviewed, changing usage of "int" to "size_t" wherever the intent is to store an object's size or length.

[ken]

session demonstrating bug, and small patch to fix this specific error

[ken]

Here are some more patches related to this bug. Other than the previously mentioned patch to pkcs15-tool.c, I have no demonstration that these changes are strictly necessary. This is also not an exhaustive review of where more careful size_t vs. int changes need to be made.

[ludovic]

Good catch.

I think these problems should be detected and signaled by the compiler on a 64-bits platform. I will try to recompile on a 64-bit machine.

[ken]

Well, a compiler can often be coaxed to warn about expressions mixing signed values (like int) and unsigned values (like size_t),or when a variable is implicitly truncated (e.g., assigning a 64-bit value into a 32-bit variable), which can help, but the specific bug that prompted this report cannot be detected by a compiler: where a void* is assigned the address to one type of variable (an int*), and then later dereferenced via a cast to another type (a size_t*). Said another way: cleaning up warnings from the compiler should help some, but, because void* is heavily used to indirectly transport values, the compiler will be unable to signal all the defects caused by a pervasive "most types are 32-bit" assumption.

[ludovic]

Bug 0 corrected in revison 3509

thanks

[ludovic]

patch bug.1 applied in revision r3510