From scott@nts.umn.edu  Thu May  2 12:43:51 2002
Return-Path: <scott@nts.umn.edu>
Received: from nts.nts.umn.edu (nts.nts.umn.edu [128.101.4.1])
	by hub.freebsd.org (Postfix) with ESMTP id 27B7537B419
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  2 May 2002 12:43:49 -0700 (PDT)
Received: from ssb2.nts.umn.edu (ssb2.nts.umn.edu [160.94.7.1])
	by nts.nts.umn.edu (8.9.1a/8.9.1) with ESMTP id OAA26285;
	Thu, 2 May 2002 14:43:45 -0500 (CDT)
Received: (from scott@localhost)
	by ssb2.nts.umn.edu (8.11.6/8.10.2) id g42Jhjt20130;
	Thu, 2 May 2002 14:43:45 -0500 (CDT)
Message-Id: <200205021943.g42Jhjt20130@ssb2.nts.umn.edu>
Date: Thu, 2 May 2002 14:43:45 -0500 (CDT)
From: Scott Bertilson <scott@nts.umn.edu>
Reply-To: Scott Bertilson <scott@nts.umn.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Scott Bertilson <scott@nts.umn.edu>
Subject: off by 1 in $FreeBSD: src/sys/kern/subr_diskslice.c,v 1.82.2.6
X-Send-Pr-Version: 3.113

>Number:         37677
>Category:       kern
>Synopsis:       off by 1 in $FreeBSD: src/sys/kern/subr_diskslice.c,v 1.82.2.6
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ceri
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 02 12:50:01 PDT 2002
>Closed-Date:    Sun Jun 08 11:02:57 PDT 2003
>Last-Modified:  Sun Jun 08 11:02:57 PDT 2003
>Originator:     Scott Bertilson
>Release:        FreeBSD 4.4-RELEASE-p1 i386
>Organization:
University of Minnesota / OIT
>Environment:
System: FreeBSD ssb2.nts.umn.edu 4.4-RELEASE-p1 FreeBSD 4.4-RELEASE-p1 #13: Tue Apr 30 19:16:22 CDT 2002 scott@ssb2.nts.umn.edu:/home/src/sys/compile/SSB i386


>Description:
	line 916:
	|| pp->p_offset + pp->p_size > end
	offset + size should always be 1 more than end
>How-To-Repeat:
	ran into this while trying to get a drive with OpenBSD partitions to mount
>Fix:

	|| (pp->p_offset + pp->p_size - 1) > end
	as at line 948
	(u_long)(pp->p_offset + pp->p_size - 1),
>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: Scott Bertilson <scott@nts.umn.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/37677: off by 1 in $FreeBSD: src/sys/kern/subr_diskslice.c,v
 1.82.2.6
Date: Fri, 3 May 2002 09:26:37 +1000 (EST)

 On Thu, 2 May 2002, Scott Bertilson wrote:
 
 > >Description:
 > 	line 916:
 > 	|| pp->p_offset + pp->p_size > end
 > 	offset + size should always be 1 more than end
 
 No; p_offset + p_size is the sector after the last one in the partition, and
 it must be <= 'end' (which is the sector after the last one in the slice).
 The above checks the negation of `(pp->p_offset + pp->p_size) <= end'.
 
 > >How-To-Repeat:
 > 	ran into this while trying to get a drive with OpenBSD partitions to mount
 
 This seems to be a bug in the configuration of the OpenBSD partitions.
 
 > >Fix:
 >
 > 	|| (pp->p_offset + pp->p_size - 1) > end
 > 	as at line 948
 > 	(u_long)(pp->p_offset + pp->p_size - 1),
 
 No; this would introduce an off-by-1 error; it would permit partitions
 to extend 1 beyond the end of the slice.
 
 Line 948 is at best confusing.  It really prints the sector number of
 the last sector but calls it the end sector.  But internally, the "end"
 sector is always the one after the last.  Line 948 is just wrong for
 empty partitions.  The "end" (really last) sector is then one before
 the start.  E.g., start = 0, "end" = 4294967295.
 
 Bruce
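
Added example, not part of the report or of subr_diskslice.c: a small C model of the two bounds checks discussed above and of the "end" value printed at line 948. It assumes 32-bit sector numbers (as u_long on the i386 system in the report) and sector numbers relative to the start of the slice; the function names and the 1000-sector slice are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit sector numbers, relative to the start of the slice. */
typedef uint32_t sector_t;

/* Check quoted from line 916: off + size is the sector after the
 * partition's last one and must not exceed 'end' (the sector after
 * the slice's last one). Returns 1 when the partition is rejected. */
static int rejected_current(sector_t off, sector_t size, sector_t end)
{
    return off + size > end;
}

/* Check proposed in the report's Fix section. */
static int rejected_proposed(sector_t off, sector_t size, sector_t end)
{
    return (sector_t)(off + size - 1) > end;
}

/* Count sectors of [off, off + size) that lie outside the slice [0, end). */
static sector_t sectors_past_slice(sector_t off, sector_t size, sector_t end)
{
    sector_t n = 0;
    for (sector_t s = off; s != (sector_t)(off + size); s++)
        if (s >= end)
            n++;
    return n;
}

/* Value that line 948 prints as the "end": really the last sector. */
static sector_t printed_last(sector_t off, sector_t size)
{
    return (sector_t)(off + size - 1);
}

int main(void)
{
    const sector_t end = 1000;  /* constructed slice: sectors 0..999 */
    /* Constructed partitions: exact fit, one sector too long, empty. */
    const sector_t cases[][2] = { {900, 100}, {900, 101}, {0, 0} };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        sector_t off = cases[i][0], size = cases[i][1];
        printf("off=%u size=%u current=%s proposed=%s past=%u last=%u\n",
            off, size,
            rejected_current(off, size, end) ? "reject" : "accept",
            rejected_proposed(off, size, end) ? "reject" : "accept",
            sectors_past_slice(off, size, end), printed_last(off, size));
    }
    return 0;
}
```

The second case is the one the thread turns on: the partition covers sector 1000 of a slice whose last sector is 999, the line 916 check rejects it, and the proposed check accepts it.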
 
State-Changed-From-To: open->feedback 
State-Changed-By: dwmalone 
State-Changed-When: Mon May 6 01:41:31 PDT 2002 
State-Changed-Why:  
Bruce suggests that the code is confusing, but correct. Do you concur?

http://www.freebsd.org/cgi/query-pr.cgi?pr=37677 
State-Changed-From-To: feedback->closed 
State-Changed-By: ceri 
State-Changed-When: Sun Jun 8 11:02:55 PDT 2003 
State-Changed-Why:  
Feedback timeout (6 months or more). 
I will handle any feedback that this closure generates. 


Responsible-Changed-From-To: freebsd-bugs->ceri 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Sun Jun 8 11:02:55 PDT 2003 
Responsible-Changed-Why:  
Feedback timeout (6 months or more). 
I will handle any feedback that this closure generates. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37677 
>Unformatted:
