From nobody@FreeBSD.ORG  Mon Sep 11 08:47:41 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 607AF37B423; Mon, 11 Sep 2000 08:47:41 -0700 (PDT)
Message-Id: <20000911154741.607AF37B423@hub.freebsd.org>
Date: Mon, 11 Sep 2000 08:47:41 -0700 (PDT)
From: bob@immure.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: bit_ffc and bit_ffs macros in bitstring.h test 1 byte too many.
X-Send-Pr-Version: www-1.0

>Number:         21204
>Category:       misc
>Synopsis:       bit_ffc and bit_ffs macros in bitstring.h test 1 byte too many.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dwmalone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 11 08:50:01 PDT 2000
>Closed-Date:    Mon Oct 30 03:24:33 PST 2000
>Last-Modified:  Mon Oct 30 03:24:55 PST 2000
>Originator:     Bob Willcox
>Release:        4.0-stable
>Organization:
VIEO, Inc
>Environment:
FreeBSD sebulba.pmr.com 4.0-STABLE FreeBSD 4.0-STABLE #365: Sat Sep  9 08:55:18 CDT 2000     bob@sebulba.pmr.com:/usr/src/sys/compile/GPXTEST  i386

>Description:
The bit_ffc and bit_ffs macros both contain a for loop where they check
their loop ctr variable (_byte) for <= to the end value (_stopbyte).
Unfortunately, _stopbyte is preloaded to the number of bytes in the
bit string, not the last valid index value.  Consequently these macros
both process one too many bytes.
>How-To-Repeat:
Set all of the bits in the string and execute bit_ffc.  You will observe
that it returns the index of _stopbyte (which is beyond the string).
You can also try this with an all clear bitstring and use bit_ffs.
I haven't actually tried this, since I discovered the bug when using 
bit_ffc, but the loop conditions are identical in it so the bug no
doubt exists there as well.

>Fix:
Here is a patch that I installed that works for me:

--- /usr/include/bitstring.h    Mon Feb 21 08:13:54 2000
+++ gpxbitstring.h      Sat Sep  9 08:44:25 2000
@@ -115,7 +115,7 @@
        register bitstr_t *_name = name; \
        register int _byte, _nbits = nbits; \
        register int _stopbyte = _bit_byte(_nbits), _value = -1; \
-       for (_byte = 0; _byte <= _stopbyte; ++_byte) \
+       for (_byte = 0; _byte < _stopbyte; ++_byte) \
                if (_name[_byte] != 0xff) { \
                        _value = _byte << 3; \
                        for (_stopbyte = _name[_byte]; (_stopbyte&0x1); \
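Review bot: on the changed for line, "_byte < _stopbyte" is only the right bound when nbits is a multiple of 8. _stopbyte is initialised from _bit_byte(_nbits); if that is the truncating bit-to-byte index (nbits >> 3), a 10-bit string gives _stopbyte == 1 and the loop now stops before byte 1, so a clear bit at index 8 or 9 is never reported. Consider deriving the bound from the last valid bit, _bit_byte(_nbits - 1), keeping "<=", and guarding the _nbits == 0 case.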
@@ -130,7 +130,7 @@
        register bitstr_t *_name = name; \
        register int _byte, _nbits = nbits; \
        register int _stopbyte = _bit_byte(_nbits), _value = -1; \
-       for (_byte = 0; _byte <= _stopbyte; ++_byte) \
+       for (_byte = 0; _byte < _stopbyte; ++_byte) \
                if (_name[_byte]) { \
                        _value = _byte << 3; \
                        for (_stopbyte = _name[_byte]; !(_stopbyte&0x1); \
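Review bot: nothing in the visible lines of this second macro checks the result against _nbits. _value starts at "_byte << 3" and is advanced inside the selected byte, so once the final partial byte is scanned a set bit in its padding can produce an index at or past nbits; a clamp such as "if (_value >= _nbits) _value = -1;" should go in with the bound change. The report says this path was not exercised, so a test with an all-clear string at lengths that are and are not a multiple of 8 would be worth adding. The inner loop also reuses _stopbyte as scratch, and a separate variable would read better.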


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Mon Oct 2 14:18:08 PDT 2000 
Responsible-Changed-Why:  
I've looked at the patch and it seems correct. Anyone want to review it for 
me? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21204 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Mon Oct 30 03:24:33 PST 2000 
State-Changed-Why:  
Improved bitstring macros now in -current and -stable. 

>Unformatted:
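The loop bounds discussed in this report, side by side as plain C functions instead of macros. This is an added example, not code from the PR or from FreeBSD; it assumes _bit_byte(n) is n >> 3, and ffc_bounded and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stdio.h>

typedef unsigned char bitstr_t;
#define BIT_BYTE(bit) ((bit) >> 3) /* assumed definition of _bit_byte */

/* First clear bit found in bytes [0, nbytes), or -1 if all are 0xff. */
static int first_clear(const bitstr_t *s, int nbytes)
{
    for (int byte = 0; byte < nbytes; ++byte)
        if (s[byte] != 0xff) {
            int bit = byte << 3;
            for (unsigned v = s[byte]; v & 1; v >>= 1)
                ++bit;
            return bit;
        }
    return -1;
}

/* Loop bound before the patch: _byte <= _bit_byte(nbits). */
int ffc_original(const bitstr_t *s, int nbits) { return first_clear(s, BIT_BYTE(nbits) + 1); }

/* Loop bound after the PR's patch: _byte < _bit_byte(nbits). */
int ffc_patched(const bitstr_t *s, int nbits) { return first_clear(s, BIT_BYTE(nbits)); }

/* Hypothetical variant: scan through the byte holding bit nbits-1, drop hits >= nbits. */
int ffc_bounded(const bitstr_t *s, int nbits)
{
    if (nbits <= 0)
        return -1;
    int v = first_clear(s, BIT_BYTE(nbits - 1) + 1);
    return v >= nbits ? -1 : v;
}

/* Constructed samples; byte 2 of each is a guard so the over-read stays in bounds. */
const bitstr_t full16[3] = { 0xff, 0xff, 0x00 }; /* 16 bits, all set */
const bitstr_t part10[3] = { 0xff, 0x01, 0x00 }; /* 10 bits, only bit 9 clear */
const bitstr_t full10[3] = { 0xff, 0x03, 0x00 }; /* 10 bits, all set */

int main(void)
{
    const bitstr_t *s[] = { full16, part10, full10 };
    const int n[] = { 16, 10, 10 };
    for (int i = 0; i < 3; ++i)
        printf("nbits=%d original=%d patched=%d bounded=%d\n", n[i],
               ffc_original(s[i], n[i]), ffc_patched(s[i], n[i]), ffc_bounded(s[i], n[i]));
    return 0;
}
```

The 16-bit case reproduces the reported over-read (the original bound returns an index inside the guard byte), while the 10-bit cases show the "<" bound skipping the final partial byte.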
