[pkg-cryptsetup-devel] Bug#994056: cryptsetup: blkid check fails to take offset option into account
Thorsten Glaser
tg at mirbsd.de
Fri Oct 8 17:51:42 BST 2021
Guilhem Moulin dixit:
>first to report it I suppose nobody uses large offset= values. Don't
>think adding ‘Depends: bc’ is justified here :-P.
Eh, bc’s supposed to be a base tool anyway…
>Also in practice I was able to use offset=2⁵⁹
(buster-i386)tglase at tglase:~ $ echo '2^59' | bc
576460752303423488
(buster-i386)tglase at tglase:~ $ echo $(($(echo '2^59' | bc)*512))
0
(buster-i386)tglase at tglase:~ $ bash
bash$ echo $(($(echo '2^59' | bc)*512))
0
I’d not call this “use”.
> with bash, dash, klibc's sh and busybox's sh
mksh is also a viable /bin/sh (the /bin/lksh binary), and for that
I speak as developer ;)
>I'll just ignore the potential overflow. I'll just make the script
>choke when the arithmetic operation fails.
That’s the problem: the operation does not fail, it “only” overflows.
Overflowing *is* permitted (by C UB rules) to do “rm -rf /” even if
GCC does not (yet) do that… but even if it wraps around, you get the
WRONG values (see above).
(buster-i386)tglase at tglase:~ $ lksh -c 'echo $(($(echo "2^40" | bc)*512))'
0
(This is actually what POSIX requires. So bash, dash, etc. are
actually noncompliant on 32-bit platforms.)
So please, if you’re going to “ignore” this in practice, at least
install the code that checks for offset ≤ 4194303. I can provide
a corresponding patch, if you want.
bye,
//mirabilos
--
FWIW, I'm quite impressed with mksh interactively. I thought it was much
*much* more bare bones. But it turns out it beats the living hell out of
ksh93 in that respect. I'd even consider it for my daily use if I hadn't
wasted half my life on my zsh setup. :-) -- Frank Terbeck in #!/bin/mksh
More information about the pkg-cryptsetup-devel
mailing list