freebsd-skq/bin/dd/position.c
asomers a78f415b2a dd(1): Incorrect casting of arguments
dd(1) casts many of its numeric arguments from uintmax_t to intmax_t and
back again to detect whether or not the original arguments were negative.
This is not correct, and causes problems with boundary cases, for example
when count is SSIZE_MAX-1.

PR:		191263
Submitted by:	will@worrbase.com
Reviewed by:	pi, asomers
MFC after:	3 weeks
2017-08-25 15:31:55 +00:00

216 lines
5.7 KiB
C

/*-
* Copyright (c) 1991, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Keith Muller of the University of California, San Diego and Lance
* Visser of Convex Computer Corporation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
#if 0
static char sccsid[] = "@(#)position.c 8.3 (Berkeley) 4/2/94";
#endif
#endif /* not lint */
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/mtio.h>
#include <err.h>
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <signal.h>
#include <unistd.h>
#include "dd.h"
#include "extern.h"
static off_t
seek_offset(IO *io)
{
off_t n;
size_t sz;
n = io->offset;
sz = io->dbsz;
_Static_assert(sizeof(io->offset) == sizeof(int64_t), "64-bit off_t");
/*
* If the lseek offset will be negative, verify that this is a special
* device file. Some such files (e.g. /dev/kmem) permit "negative"
* offsets.
*
* Bail out if the calculation of a file offset would overflow.
*/
if ((io->flags & ISCHR) == 0 && (n < 0 || n > OFF_MAX / (ssize_t)sz))
errx(1, "seek offsets cannot be larger than %jd",
(intmax_t)OFF_MAX);
else if ((io->flags & ISCHR) != 0 && (uint64_t)n > UINT64_MAX / sz)
errx(1, "seek offsets cannot be larger than %ju",
(uintmax_t)UINT64_MAX);
return ((off_t)( (uint64_t)n * sz ));
}
/*
* Position input/output data streams before starting the copy. Device type
* dependent. Seekable devices use lseek, and the rest position by reading.
* Seeking past the end of file can cause null blocks to be written to the
* output.
*/
void
pos_in(void)
{
off_t cnt;
int warned;
ssize_t nr;
size_t bcnt;
/* If known to be seekable, try to seek on it. */
if (in.flags & ISSEEK) {
errno = 0;
if (lseek(in.fd, seek_offset(&in), SEEK_CUR) == -1 &&
errno != 0)
err(1, "%s", in.name);
return;
}
/* Don't try to read a really weird amount (like negative). */
if (in.offset < 0)
errx(1, "%s: illegal offset", "iseek/skip");
/*
* Read the data. If a pipe, read until satisfy the number of bytes
* being skipped. No differentiation for reading complete and partial
* blocks for other devices.
*/
for (bcnt = in.dbsz, cnt = in.offset, warned = 0; cnt;) {
if ((nr = read(in.fd, in.db, bcnt)) > 0) {
if (in.flags & ISPIPE) {
if (!(bcnt -= nr)) {
bcnt = in.dbsz;
--cnt;
}
} else
--cnt;
if (need_summary)
summary();
continue;
}
if (nr == 0) {
if (files_cnt > 1) {
--files_cnt;
continue;
}
errx(1, "skip reached end of input");
}
/*
* Input error -- either EOF with no more files, or I/O error.
* If noerror not set die. POSIX requires that the warning
* message be followed by an I/O display.
*/
if (ddflags & C_NOERROR) {
if (!warned) {
warn("%s", in.name);
warned = 1;
summary();
}
continue;
}
err(1, "%s", in.name);
}
}
void
pos_out(void)
{
struct mtop t_op;
off_t cnt;
ssize_t n;
/*
* If not a tape, try seeking on the file. Seeking on a pipe is
* going to fail, but don't protect the user -- they shouldn't
* have specified the seek operand.
*/
if (out.flags & (ISSEEK | ISPIPE)) {
errno = 0;
if (lseek(out.fd, seek_offset(&out), SEEK_CUR) == -1 &&
errno != 0)
err(1, "%s", out.name);
return;
}
/* Don't try to read a really weird amount (like negative). */
if (out.offset < 0)
errx(1, "%s: illegal offset", "oseek/seek");
/* If no read access, try using mtio. */
if (out.flags & NOREAD) {
t_op.mt_op = MTFSR;
t_op.mt_count = out.offset;
if (ioctl(out.fd, MTIOCTOP, &t_op) == -1)
err(1, "%s", out.name);
return;
}
/* Read it. */
for (cnt = 0; cnt < out.offset; ++cnt) {
if ((n = read(out.fd, out.db, out.dbsz)) > 0)
continue;
if (n == -1)
err(1, "%s", out.name);
/*
* If reach EOF, fill with NUL characters; first, back up over
* the EOF mark. Note, cnt has not yet been incremented, so
* the EOF read does not count as a seek'd block.
*/
t_op.mt_op = MTBSR;
t_op.mt_count = 1;
if (ioctl(out.fd, MTIOCTOP, &t_op) == -1)
err(1, "%s", out.name);
while (cnt++ < out.offset) {
n = write(out.fd, out.db, out.dbsz);
if (n == -1)
err(1, "%s", out.name);
if (n != out.dbsz)
errx(1, "%s: write failure", out.name);
}
break;
}
}