Ticket #176 (closed defect: fixed)

NB! Read about ReportingBugs before filing a ticket!

Opened 4 years ago

Last modified 4 years ago

opensc unreliable on 64-bit systems

Reported by: ken Owned by: opensc-devel@…
Priority: normal Milestone:
Component: opensc Version: 0.11.4
Severity: major Keywords:
Cc: Blocked By:
Blocking:

Description

There is a somewhat pervasive assumption in the code that sizeof(size_t) == sizeof(int). This is pretty much true on all 32-bit systems I know of, but it is often false on 64-bit systems. Depending on the specific compiler and compiler flags used, bugs caused by this assumption might be masked, or may cause mysterious failures. One specific example (and a minimal patch to fix this one problem) are attached, but in general the code ought to be reviewed, changing usage of "int" to "size_t" wherever the intent is to store an object's size or length.

Attachments

bug.0 Download (2.5 KB) - added by ken 4 years ago.
session demonstrating bug, and small patch to fix this specific error
bug.1 Download (12.4 KB) - added by ken 4 years ago.
Here are some more patches related to this bug. Other than the previously mentioned patch to pkcs15-tool.c, I have no demonstration that these changes are strictly necessary. This is also not an exhaustive review of where more careful size_t vs. int changes need to be made.

Change History

Changed 4 years ago by ken

session demonstrating bug, and small patch to fix this specific error

Changed 4 years ago by ken

Here are some more patches related to this bug. Other than the previously mentioned patch to pkcs15-tool.c, I have no demonstration that these changes are strictly necessary. This is also not an exhaustive review of where more careful size_t vs. int changes need to be made.

comment:1 Changed 4 years ago by ludovic

Good catch.

I think these problems should be detected and signaled by the compiler on a 64-bits platform. I will try to recompile on a 64-bit machine.

comment:2 Changed 4 years ago by ken

Well, a compiler can often be coaxed to warn about expressions mixing signed values (like int) and unsigned values (like size_t),or when a variable is implicitly truncated (e.g., assigning a 64-bit value into a 32-bit variable), which can help, but the specific bug that prompted this report cannot be detected by a compiler: where a void* is assigned the address to one type of variable (an int*), and then later dereferenced via a cast to another type (a size_t*). Said another way: cleaning up warnings from the compiler should help some, but, because void* is heavily used to indirectly transport values, the compiler will be unable to signal all the defects caused by a pervasive "most types are 32-bit" assumption.

comment:3 Changed 4 years ago by ludovic

  • Status changed from new to closed
  • Resolution set to fixed

Bug 0 corrected in revison 3509

thanks

comment:4 Changed 4 years ago by ludovic

patch bug.1 applied in revision r3510

Note: See TracTickets for help on using tickets.