r9313@totoro: nickm | 2006-11-13 20:07:41 -0500

 Try to compile with fewer warnings on irix64's MIPSpro compiler /
 environment, which apparently believes that:
   - off_t can be bigger than size_t.
   - only mean kids assign things they do not subsequently inspect.
 
 I don't try to fix the "error" that makes it say:
 
 cc-3970 cc: WARNING File = main.c, Line = 1277
   conversion from pointer to same-sized integral type (potential portability
           problem)
 
     uintptr_t sig = (uintptr_t)arg;
 
 Because really, what can you do about a compiler that claims to be c99
 but doesn't understand that void* x = NULL; uintptr_t y = (uintptr_t) x;
 is safe?
 


svn:r8948

4 files changed, 28 insertions, 5 deletions

diff --git a/src/common/compat.c b/src/common/compat.c
index db38e757e3..75e37a8b79 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -135,7 +135,7 @@ tor_mmap_file(const char *filename)
     return NULL;
   }
 
-  size = filesize = lseek(fd, 0, SEEK_END);
+  size = filesize = (size_t) lseek(fd, 0, SEEK_END);
   lseek(fd, 0, SEEK_SET);
   /* ensure page alignment */
   page_size = getpagesize();
diff --git a/src/common/torgzip.c b/src/common/torgzip.c
index 83438462a2..badd45be87 100644
--- a/src/common/torgzip.c
+++ b/src/common/torgzip.c
@@ -121,7 +121,12 @@ tor_gzip_compress(char **out, size_t *out_len,
         out_size *= 2;
         *out = tor_realloc(*out, out_size);
         stream->next_out = (unsigned char*)(*out + offset);
-        stream->avail_out = out_size - offset;
+        if (out_size - offset > UINT_MAX) {
+          log_warn(LD_BUG,  "Ran over unsigned int limit of zlib while "
+                   "uncompressing.");
+          goto err;
+        }
+        stream->avail_out = (unsigned int)(out_size - offset);
         break;
       default:
         log_warn(LD_GENERAL, "Gzip compression didn't finish: %s",
@@ -238,7 +243,12 @@ tor_gzip_uncompress(char **out, size_t *out_len,
         out_size *= 2;
         *out = tor_realloc(*out, out_size);
         stream->next_out = (unsigned char*)(*out + offset);
-        stream->avail_out = out_size - offset;
+        if (out_size - offset > UINT_MAX) {
+          log_warn(LD_BUG,  "Ran over unsigned int limit of zlib while "
+                   "uncompressing.");
+          goto err;
+        }
+        stream->avail_out = (unsigned int)(out_size - offset);
         break;
       default:
         log_warn(LD_GENERAL, "Gzip decompression returned an error: %s",
diff --git a/src/common/torint.h b/src/common/torint.h
index f520072aa2..536823c6b3 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -287,6 +287,16 @@ typedef uint32_t uintptr_t;
 #endif /* time_t_is_signed */
 #endif /* ifndef(TIME_MAX) */
 
+#ifndef SIZE_T_MAX
+#if (SIZEOF_SIZE_T == 4)
+#define SIZE_T_MAX 0xfffffffful
+#elif (SIZEOF_SIZE_T == 8)
+#define SIZE_T_MAX 0xfffffffffffffffful
+#else
+#error "Can't define SIZE_T_MAX"
+#endif
+#endif
+
 /* Any size_t larger than this amount is likely to be an underflow. */
 #define SIZE_T_CEILING (sizeof(char)<<(sizeof(size_t)*8 - 1))
 
diff --git a/src/common/util.c b/src/common/util.c
index d5a71d2743..15e08fa898 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1324,9 +1324,12 @@ read_file_to_str(const char *filename, int bin, size_t *size_out)
     return NULL;
   }
 
-  string = tor_malloc(statbuf.st_size+1);
+  if (statbuf.st_size+1 > SIZE_T_MAX)
+    return NULL;
+
+  string = tor_malloc((size_t)(statbuf.st_size+1));
 
-  r = read_all(fd,string,statbuf.st_size,0);
+  r = read_all(fd,string,(size_t)statbuf.st_size,0);
   if (r<0) {
     log_warn(LD_FS,"Error reading from file \"%s\": %s", filename,
              strerror(errno));