Univention Bugzilla – Bug 42725
Integer overflow when checking free space
Last modified: 2016-10-21 14:28:43 CEST
We calculate the free space in bytes, which overflows sizeof(int)=32 on i386 +++ This bug was initially created as a clone of Bug #42573 +++
The bug happens when the free space is in a certain range: printf "%'08x\n" $(($(stat -f -c %a*%S /var/lib/univention-directory-listener))) # 180.000.000 ^^ |+- if bit31 is set, the right-shift creates a negative value +-- bits32+ are stripped because of the cast to (long) /etc/init.d/univention-directory-listener stop cd /var/lib/univention-directory-listener mount -t tmpfs -o size=7G xxx /var/lib/univention-directory-listener printf '%x\n' $(stat -f -c %a /var/lib/univention-directory-listener) cp -pr * /var/lib/univention-directory-listener/ /etc/runit/univention-directory-listener/run umount $PWD /etc/init.d/univention-directory-listener start r73434 | Bug #42725 listener: Fix integer overflow r73435 | Bug #42725 listener: Fix integer overflow Package: univention-directory-listener Version: 10.0.0-20.338.201610211230 Branch: ucs_4.1-0 Scope: errata4.1-3 r73436 | Bug #42725 listener: Fix integer overflow YAML univention-directory-listener.yaml
OK - reproduced on 32bit, fixed with 10.0.0-20.338.201610211230 OK - yaml OK - merged to 4.2
<http://errata.software-univention.de/ucs/4.1/313.html>