From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 10 Jul 2016 14:14:08 +0000 (+0200)
Subject: tailf: Fix segmentation fault in tailf on 32 bit
X-Git-Tag: v2.29-rc1~156
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3684760501439abce5b480e1d0a432a626e21f4;p=thirdparty%2Futil-linux.git

tailf: Fix segmentation fault in tailf on 32 bit

tailf crashes with a segmentation fault when used with a file that is
exactly 4GB in size due to an integer overflow between off_t and size_t:

$ dd if=/dev/zero of=tailf.crash bs=1 count=1 seek=4294967295
$ tailf tailf.crash
Segmentation fault
$ _

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/text-utils/tailf.c b/text-utils/tailf.c
index ea082c795e..6219aa2189 100644
--- a/text-utils/tailf.c
+++ b/text-utils/tailf.c
@@ -42,6 +42,7 @@
 #include <errno.h>
 #include <getopt.h>
 #include <sys/mman.h>
+#include <limits.h>
 
 #ifdef HAVE_INOTIFY_INIT
 #include <sys/inotify.h>
@@ -55,7 +56,7 @@
 
 #define DEFAULT_LINES  10
 
-/* st->st_size has to be greater than zero! */
+/* st->st_size has to be greater than zero and smaller or equal to SIZE_MAX! */
 static void tailf(const char *filename, size_t lines, struct stat *st)
 {
 	int fd;
@@ -281,7 +282,9 @@ int main(int argc, char **argv)
 		err(EXIT_FAILURE, _("stat of %s failed"), filename);
 	if (!S_ISREG(st.st_mode))
 		errx(EXIT_FAILURE, _("%s: is not a file"), filename);
-	if (st.st_size)
+
+	/* mmap is based on size_t */
+	if (st.st_size && (size_t) st.st_size <= SIZE_MAX)
 		tailf(filename, lines, &st);
 
 #ifdef HAVE_INOTIFY_INIT