tailf: Fix segmentation fault in tailf on 32 bit

tailf crashes with a segmentation fault when used with a file that is
exactly 4GB in size due to an integer overflow between off_t and size_t:

$ dd if=/dev/zero of=tailf.crash bs=1 count=1 seek=4294967295
$ tailf tailf.crash
Segmentation fault
$ _

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/text-utils/tailf.c b/text-utils/tailf.c
index ea082c795e976b176e77b21af911b9776d99fa02..6219aa21898eeecf0f419dda024f13129bd8560a 100644 (file)
--- a/text-utils/tailf.c
+++ b/text-utils/tailf.c
@@ -42,6 +42,7 @@
 #include <errno.h>
 #include <getopt.h>
 #include <sys/mman.h>
+#include <limits.h>
 
 #ifdef HAVE_INOTIFY_INIT
 #include <sys/inotify.h>
@@ -55,7 +56,7 @@
 
 #define DEFAULT_LINES  10
 
-/* st->st_size has to be greater than zero! */
+/* st->st_size has to be greater than zero and smaller or equal to SIZE_MAX! */
 static void tailf(const char *filename, size_t lines, struct stat *st)
 {
        int fd;
@@ -281,7 +282,9 @@ int main(int argc, char **argv)
                err(EXIT_FAILURE, _("stat of %s failed"), filename);
        if (!S_ISREG(st.st_mode))
                errx(EXIT_FAILURE, _("%s: is not a file"), filename);
-       if (st.st_size)
+
+       /* mmap is based on size_t */
+       if (st.st_size && (size_t) st.st_size <= SIZE_MAX)
                tailf(filename, lines, &st);
 
 #ifdef HAVE_INOTIFY_INIT