From le@univie.ac.at  Sun Jul 20 13:06:36 2003
Return-Path: <le@univie.ac.at>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1FEEB37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Jul 2003 13:06:36 -0700 (PDT)
Received: from mailbox.univie.ac.at (mail.univie.ac.at [131.130.1.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8B04B43FBD
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Jul 2003 13:06:34 -0700 (PDT)
	(envelope-from le@univie.ac.at)
Received: from korben.in.tern (adslle.cc.univie.ac.at [131.130.102.11])
	by mailbox.univie.ac.at (8.12.2/8.12.2) with ESMTP id h6KK6HMJ045976
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Jul 2003 22:06:23 +0200
Received: from korben.in.tern (korben.in.tern [127.0.0.1])
	by korben.in.tern (8.12.9/8.12.9) with ESMTP id h6KK62q9015251
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 20 Jul 2003 22:06:03 +0200 (CEST)
	(envelope-from le@korben.in.tern)
Received: (from le@localhost)
	by korben.in.tern (8.12.9/8.12.9/Submit) id h6KK62li015250;
	Sun, 20 Jul 2003 22:06:02 +0200 (CEST)
	(envelope-from le)
Message-Id: <200307202006.h6KK62li015250@korben.in.tern>
Date: Sun, 20 Jul 2003 22:06:02 +0200 (CEST)
From: Lukas Ertl <l.ertl@univie.ac.at>
Reply-To: Lukas Ertl <l.ertl@univie.ac.at>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         54672
>Category:       bin
>Synopsis:       [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    le
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 20 13:10:00 PDT 2003
>Closed-Date:    Thu May 13 15:00:19 PDT 2004
>Last-Modified:  Thu May 13 15:00:19 PDT 2004
>Originator:     Lukas Ertl
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
Vienna University Computer Center
>Environment:
System: FreeBSD korben 5.1-CURRENT FreeBSD 5.1-CURRENT #4: Mon Jul 14 22:28:43 CEST 2003 le@korben:/usr/obj/usr/src/sys/KORBEN i386


	
>Description:

When compiling ifconfig(8), gcc-3.3 emits the following warning:

cc -O -pipe -march=athlon -DUSE_IF_MEDIA -DINET6 -DUSE_VLANS -DUSE_IEEE80211 -DUSE_MAC -DNS -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings  -Wnested-externs -I..   -DRESCUE  -c /usr/src/sbin/ifconfig/ifconfig.c
/usr/src/sbin/ifconfig/ifconfig.c: In function `setatrange':
/usr/src/sbin/ifconfig/ifconfig.c:1692: warning: comparison is always false due to limited range of data type
/usr/src/sbin/ifconfig/ifconfig.c:1692: warning: comparison is always false due to limited range of data type

The bogus comparison is:

    if (sscanf(range, "%hu-%hu", &first, &last) != 2
        || first == 0 || first > 0xffff
        || last == 0 || last > 0xffff || first > last)

first and last are both declared as u_short, which can't hold values larger
than 0xffff, so the comparison isn't needed.

>How-To-Repeat:
	
>Fix:


--- ifconfig.diff begins here ---
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /usr/local/bsdcvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.90
diff -u -u -r1.90 ifconfig.c
--- sbin/ifconfig/ifconfig.c	28 Apr 2003 16:37:38 -0000	1.90
+++ sbin/ifconfig/ifconfig.c	20 Jul 2003 20:01:02 -0000
@@ -1688,8 +1688,7 @@
 	u_short	first = 123, last = 123;
 
 	if (sscanf(range, "%hu-%hu", &first, &last) != 2
-	    || first == 0 || first > 0xffff
-	    || last == 0 || last > 0xffff || first > last)
+	    || first == 0 || last == 0 || first > last)
 		errx(1, "%s: illegal net range: %u-%u", range, first, last);
 	at_nr.nr_firstnet = htons(first);
 	at_nr.nr_lastnet = htons(last);
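Review bot: on the `+` line, deleting both `> 0xffff` tests removes the warning but not the problem behind it: the upper bound was never enforced and still is not, because `sscanf()` with `%hu` does not report a value that does not fit in a u_short, so an input like 70000-70001 is not guaranteed to reach errx(). Rather than dropping the comparison, parse into a wider unsigned type (strtoul() into unsigned long) and keep the `> 0xffff` test, which is then no longer always false.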
--- ifconfig.diff ends here ---


>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: Lukas Ertl <l.ertl@univie.ac.at>
Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: bin/54672: [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
Date: Mon, 21 Jul 2003 16:28:02 +1000 (EST)

 On Sun, 20 Jul 2003, Lukas Ertl wrote:
 
 > >Description:
 >
 > When compiling ifconfig(8), gcc-3.3 emits the following warning:
 >
 > cc -O -pipe -march=athlon -DUSE_IF_MEDIA -DINET6 -DUSE_VLANS -DUSE_IEEE80211 -DUSE_MAC -DNS -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings  -Wnested-externs -I..   -DRESCUE  -c /usr/src/sbin/ifconfig/ifconfig.c
 > /usr/src/sbin/ifconfig/ifconfig.c: In function `setatrange':
 > /usr/src/sbin/ifconfig/ifconfig.c:1692: warning: comparison is always false due to limited range of data type
 > /usr/src/sbin/ifconfig/ifconfig.c:1692: warning: comparison is always false due to limited range of data type
 >
 > The bogus comparison is:
 >
 >     if (sscanf(range, "%hu-%hu", &first, &last) != 2
 >         || first == 0 || first > 0xffff
 >         || last == 0 || last > 0xffff || first > last)
 >
 > first and last are both declared as u_short, which can't hold values larger
 > than 0xffff, so the comparison isn't needed.
 
 This is machine-dependent.  u_short can hold values up to USHRT_MAX, which
 is >= 0xffff (perhaps strictly larger).
 
 There doesn't seem to be any good reason to use u_shorts; similar code in
 at_getaddr() uses u_ints so it accidentally avoids the warning except on
 machines with 16-bit u_ints.
 
 Using strtoul() as mentioned in the XXX before the above code would avoid
 the warning less accidentally since 0xffff < ULONG_MAX on all machines.
 
 Bruce

From: Lukas Ertl <l.ertl@univie.ac.at>
To: Bruce Evans <bde@zeta.org.au>
Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: bin/54672: [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
Date: Mon, 21 Jul 2003 13:51:23 +0200 (CEST)

 On Mon, 21 Jul 2003, Bruce Evans wrote:
 
 > On Sun, 20 Jul 2003, Lukas Ertl wrote:
 >
 > > first and last are both declared as u_short, which can't hold values larger
 > > than 0xffff, so the comparison isn't needed.
 >
 > This is machine-dependent.  u_short can hold values up to USHRT_MAX, which
 > is >= 0xffff (perhaps strictly larger).
 >
 > There doesn't seem to be any good reason to use u_shorts; similar code in
 > at_getaddr() uses u_ints so it accidentally avoids the warning except on
 > machines with 16-bit u_ints.
 >
 > Using strtoul() as mentioned in the XXX before the above code would avoid
 > the warning less accidentally since 0xffff < ULONG_MAX on all machines.
 
 Well, would this patch be better:
 
 ---8<---
 Index: sbin/ifconfig/ifconfig.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /usr/local/bsdcvs/src/sbin/ifconfig/ifconfig.c,v
 retrieving revision 1.90
 diff -u -u -r1.90 ifconfig.c
 --- sbin/ifconfig/ifconfig.c=0928 Apr 2003 16:37:38 -0000=091.90
 +++ sbin/ifconfig/ifconfig.c=0921 Jul 2003 11:50:33 -0000
 @@ -1680,17 +1680,34 @@
  =09bcopy(LLADDR(&sdl), sa->sa_data, sdl.sdl_alen);
  }
 
 -/* XXX  FIXME -- should use strtoul for better parsing. */
  void
  setatrange(const char *range, int dummy __unused, int s,
      const struct afswtch *afp)
  {
 -=09u_short=09first =3D 123, last =3D 123;
 +=09u_int=09first =3D 123, last =3D 123;
 +=09char=09*p, *endptr;
 +
 +=09if ((p =3D strchr(range, '-')) =3D=3D NULL)
 +=09=09errx(1, "illegal range '%s'", range);
 +
 +=09*p =3D '\0';
 +=09p++;
 +
 +=09if ((*range =3D=3D '\0') || (*p =3D=3D '\0'))
 +=09=09errx(1, "illegal range '%s-%s'", range, p);
 +
 +=09first =3D strtoul(range, &endptr, 10);
 +=09if (endptr =3D=3D range || *endptr !=3D '\0')
 +=09=09errx(1, "illegal range '%s-%s'", range, p);
 +
 +=09last =3D strtoul(p, &endptr, 10);
 +=09if (endptr =3D=3D p || *endptr !=3D '\0')
 +=09=09errx(1, "illegal range '%s-%s'", range, p);
 +
 +=09if (first =3D=3D 0 || first > 0xffff || last =3D=3D 0 || last > 0xffff
 +=09    || first > last)
 +=09=09errx(1, "%s-%s: illegal net range: %u-%u", range, p, first, last);
 
 -=09if (sscanf(range, "%hu-%hu", &first, &last) !=3D 2
 -=09    || first =3D=3D 0 || first > 0xffff
 -=09    || last =3D=3D 0 || last > 0xffff || first > last)
 -=09=09errx(1, "%s: illegal net range: %u-%u", range, first, last);
  =09at_nr.nr_firstnet =3D htons(first);
  =09at_nr.nr_lastnet =3D htons(last);
  }
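Review bot: the two strtoul() results are assigned to `u_int first, last` before the `> 0xffff` test, so where unsigned long is wider than u_int a value such as 4294967297 is truncated to 1 and passes the range check; declare both as u_long so the comparison sees the full value. Separately, `*p = '\0'` stores through a pointer derived from the `const char *range` argument, which modifies the caller's string and is why every error message has to print `range` and `p` as two pieces; taking the position of the '-' from strtoul()'s end pointer would avoid both the write and the strchr() call.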
 ---8<---
 
 regards,
 le
 
 -- 
 Lukas Ertl                             eMail: l.ertl@univie.ac.at
 UNIX-Systemadministrator               Tel.:  (+43 1) 4277-14073
 Zentraler Informatikdienst (ZID)       Fax.:  (+43 1) 4277-9140
 der Universität Wien                   http://mailbox.univie.ac.at/~le/

From: Bruce Evans <bde@zeta.org.au>
To: Lukas Ertl <l.ertl@univie.ac.at>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/54672: [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
Date: Mon, 21 Jul 2003 23:03:50 +1000 (EST)

 On Mon, 21 Jul 2003, Lukas Ertl wrote:
 
 > On Mon, 21 Jul 2003, Bruce Evans wrote:
 > > Using strtoul() as mentioned in the XXX before the above code would avoid
 > > the warning less accidentally since 0xffff < ULONG_MAX on all machines.
 >
 > Well, would this patch be better:
 
 I'm afraid not, since it has much the same parsing and overflow handling
 bugs as the old version despite being much larger, and it has some new
 style bugs.
 
 > Index: sbin/ifconfig/ifconfig.c
 > ===================================================================
 > RCS file: /usr/local/bsdcvs/src/sbin/ifconfig/ifconfig.c,v
 > retrieving revision 1.90
 > diff -u -u -r1.90 ifconfig.c
 > --- sbin/ifconfig/ifconfig.c	28 Apr 2003 16:37:38 -0000	1.90
 > +++ sbin/ifconfig/ifconfig.c	21 Jul 2003 11:50:33 -0000
 > @@ -1680,17 +1680,34 @@
 > ...
 > -	u_short	first = 123, last = 123;
 > +	u_int	first = 123, last = 123;
 > +	char	*p, *endptr;
 
 The new lines should be:
 
 	char *endptr, *p;
 	u_long first, last;
 
 This fixes about 4 style bugs (initialization, indentation, inter-line order
 and intra-line order), and 1 overflow bug (see below).
 
 > +
 > +	if ((p = strchr(range, '-')) == NULL)
 > +		errx(1, "illegal range '%s'", range);
 
 strtoul() could be used to read up to the '-' more directly.
 
 There are complications for invalid formats with '-' signs in the
 numbers.  Both strtoul() and sscanf() will parse the '-' signs as
 parts of numbers, but we don't want that here.  I think we also
 don't want any leading whitespace.
 
 > +	first = strtoul(range, &endptr, 10);
 
 `first' needs to have type u_long so that overflow can't occur before
 the range check.  OTOH, we don't need to handle ERANGE errors since
 ULONG_MAX will fail the range check.
 
 Bruce

From: Lukas Ertl <l.ertl@univie.ac.at>
To: Bruce Evans <bde@zeta.org.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/54672: [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
Date: Mon, 21 Jul 2003 15:43:24 +0200 (CEST)

 On Mon, 21 Jul 2003, Bruce Evans wrote:
 
 > On Mon, 21 Jul 2003, Lukas Ertl wrote:
 > > ...
 > > -	u_short	first = 123, last = 123;
 > > +	u_int	first = 123, last = 123;
 > > +	char	*p, *endptr;
 >
 > The new lines should be:
 >
 > 	char *endptr, *p;
 > 	u_long first, last;
 >
 > This fixes about 4 style bugs (initialization, indentation, inter-line order
 > and intra-line order), and 1 overflow bug (see below).
 
 Ok, I guess I'm not too familiar with style(9) :-)
 
 > > +
 > > +	if ((p = strchr(range, '-')) == NULL)
 > > +		errx(1, "illegal range '%s'", range);
 >
 > strtoul() could be used to read up to the '-' more directly.
 >
 > There are complications for invalid formats with '-' signs in the
 > numbers.  Both strtoul() and sscanf() will parse the '-' signs as
 > parts of numbers, but we don't want that here.  I think we also
 > don't want any leading whitespace.
 
 So we need strchr(), don't we?
 
 regards,
 le
 
 -- 
 Lukas Ertl                             eMail: l.ertl@univie.ac.at
 UNIX Systemadministrator               Tel.:  (+43 1) 4277-14073
 Vienna University Computer Center      Fax.:  (+43 1) 4277-9140
 University of Vienna                   http://mailbox.univie.ac.at/~le/

From: Bruce Evans <bde@zeta.org.au>
To: Lukas Ertl <l.ertl@univie.ac.at>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/54672: [PATCH] fix gcc 3.3 compiler warning for ifconfig(8)
Date: Tue, 22 Jul 2003 20:22:36 +1000 (EST)

 On Mon, 21 Jul 2003, Lukas Ertl wrote:
 
 > On Mon, 21 Jul 2003, Bruce Evans wrote:
 >
 > > On Mon, 21 Jul 2003, Lukas Ertl wrote:
 > > > ...
 > > > +
 > > > +	if ((p = strchr(range, '-')) == NULL)
 > > > +		errx(1, "illegal range '%s'", range);
 > >
 > > strtoul() could be used to read up to the '-' more directly.
 > >
 > > There are complications for invalid formats with '-' signs in the
 > > numbers.  Both strtoul() and sscanf() will parse the '-' signs as
 > > parts of numbers, but we don't want that here.  I think we also
 > > don't want any leading whitespace.
 >
 > So we need strchr(), don't we?
 
 No.  strchr() will find the first '-' in the invalid input "-123-456",
 and I think recovering from this mess would be harder than not getting
 into it.  Another example of invalid input that tends to get accepted
 if any character except the digits is parsed in a non-per-char way:
 " \t-123- \t-456".  Pseudocode for rejecting minus signs and whitespace:
 
 	assert(isdigit((u_char)*range));
 	first = strtoul(range, &endptr, 10);
 	assert(*endptr == '-');
 	endptr++;
 	assert(isdigit((u_char)*endptr));
 	last = strtoul(endptr, &endptr, 10);
 	assert(*endptr == '\0');
 
 Hmm.  It wouldn't hurt to accept whitespace, and strtoul will handle
 minus signs in a way that will cause an error later ("-<digits>" -> 0
 or -ULONG_MAX), so we can let strtoul() parse almost everything after
 all:
 
 	first = strtoul(range, &endptr, 10);
 	assert(endptr != range && *endptr == '-');
 	lastptr = endptr + 1;
 	last = strtoul(lastptr, &endptr, 10);
 	assert(endptr != lastptr && *endptr == '\0');
 
 Bruce
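
Added example (not part of the thread and not FreeBSD's code): a stand-alone C version of the stricter of the two pseudocode variants in the message above, combined with the 0xffff range check on unsigned long values requested earlier in the review. The name parse_net_range and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse "first-last" into two net numbers in 1..0xffff.
 * Returns 0 on success, -1 on any malformed or out-of-range input. */
static int
parse_net_range(const char *range, unsigned *firstp, unsigned *lastp)
{
	char *endptr;
	const char *lastptr;
	unsigned long first, last;

	/* strtoul() skips whitespace and accepts a sign; demand a digit first. */
	if (!isdigit((unsigned char)*range))
		return (-1);
	first = strtoul(range, &endptr, 10);
	if (*endptr != '-')
		return (-1);
	lastptr = endptr + 1;
	if (!isdigit((unsigned char)*lastptr))
		return (-1);
	last = strtoul(lastptr, &endptr, 10);
	if (*endptr != '\0')
		return (-1);
	/* Values stay unsigned long until here, so nothing is truncated before
	 * the check; on overflow strtoul() returns ULONG_MAX, which fails it. */
	if (first == 0 || first > 0xffff || last == 0 || last > 0xffff ||
	    first > last)
		return (-1);
	*firstp = (unsigned)first;
	*lastp = (unsigned)last;
	return (0);
}

int
main(void)
{
	/* Constructed sample inputs, including the invalid ones from the thread. */
	static const char *samples[] = { "1-65535", "-123-456",
	    " \t-123- \t-456", "65536-65537", "4294967297-5", "5-4", "12-" };
	unsigned first, last;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("'%s': %s\n", samples[i], parse_net_range(samples[i],
		    &first, &last) == 0 ? "accepted" : "rejected");
	return (0);
}
```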
Responsible-Changed-From-To: freebsd-bugs->le 
Responsible-Changed-By: le 
Responsible-Changed-When: Mon Feb 2 14:28:45 PST 2004 
Responsible-Changed-Why:  
Take my own PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54672 
State-Changed-From-To: open->closed 
State-Changed-By: le 
State-Changed-When: Thu May 13 14:59:55 PDT 2004 
State-Changed-Why:  
Close my own PR, it's not valid anymore. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54672 
>Unformatted:
