[Toybox] ToT still broken...

Rob Landley rob at landley.net
Fri Sep 21 08:52:13 PDT 2018


On 09/20/2018 02:46 PM, enh wrote:
> i see you fixed my file.c mistake (but don't appear to have seen my
> patch --- is the list borked again?), but you've introduced a new one
> since:
> 
> external/toybox/main.c:160:9: error: taking the absolute value of
> unsigned type 'unsigned long' has no effect [-Werror,-Wabsolute-value]
>     if (labs((unsigned long)toys.stacktop-(unsigned long)&which)>6000) return;

Blah, that's why it was signed: stack growth order isn't guaranteed (ok, the
only architecture I'm aware of it growing up on is parisc, but still...) so
either order of subtraction can produce a negative number, so abs().

*shrug* It's worked for years as signed long, and if some crazy compiler
"optimizes away" a test that's well-defined in two's complement, that compiler
is broken.

(I'm pretty sure you can't have an integer overflow here because two pointers on
the same stack aren't going to straddle the zero page and the vdso, and I know
they never _used_ to straddle the address range midpoint because the high half
was perma-mapped kernel address and the low half was userspace, yes even on 64
bit, but between ASLR* and the prefetch mitigations I dunno what it'll look like
in future. Two's complement math should still give the right answer if the
compiler gets out of its #%&*(%&# way.)

Rob

* It's a thing that gives security guys brain tingles, there are multiple
youtube videos on it.
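The check being discussed measures how far the current frame is from a stack-top address captured at startup, and the quoted warning is about taking labs() of an unsigned difference. The following is an added example, not code from the message or from toybox, showing a direction-independent distance check that needs neither abs() nor a two's complement wraparound assumption: compare the two addresses as uintptr_t first, then subtract the smaller from the larger. The function names (stack_distance, stack_too_deep, stack_grows_down, recurse_until_guard), the 256-byte frame padding and the use of a local int as a stand-in for toys.stacktop are all assumptions made for illustration; the noinline attribute assumes gcc or clang.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not toybox code. All names below are hypothetical.
 *
 * Casting both addresses to long and calling labs() relies on two's complement
 * wraparound if the two addresses straddle the midpoint of the address space
 * (signed overflow, which the compiler may treat as undefined), and casting
 * them to unsigned long makes labs() a no-op (the warning quoted above).
 * Comparing first and subtracting the smaller from the larger in unsigned
 * arithmetic is well-defined whichever way the stack grows.
 */

/* Byte distance between two addresses, direction-independent, never overflows. */
static uintptr_t stack_distance(const void *a, const void *b)
{
  uintptr_t ua = (uintptr_t)a, ub = (uintptr_t)b;

  return ua > ub ? ua - ub : ub - ua;
}

/* Returns 1 when 'here' is more than 'limit' bytes away from 'top'. */
static int stack_too_deep(const void *top, const void *here, uintptr_t limit)
{
  return stack_distance(top, here) > limit;
}

/* Runtime probe of growth direction: 1 if a callee's local sits below the
 * caller's local. noinline keeps the callee in its own frame. */
static int __attribute__((noinline)) probe_callee(const void *caller_local)
{
  int callee_local;

  return (uintptr_t)&callee_local < (uintptr_t)caller_local;
}

static int stack_grows_down(void)
{
  int caller_local;

  return probe_callee(&caller_local);
}

/* Recurse until the guard fires and return the depth at which it did. The
 * volatile pad makes every frame at least 256 bytes so the limit is reached
 * quickly; taking its address also stops the compiler from turning the
 * recursion into a loop, which would defeat the measurement. */
static unsigned __attribute__((noinline))
recurse_until_guard(const void *top, uintptr_t limit, unsigned depth)
{
  volatile char pad[256];

  pad[0] = (char)depth;
  if (stack_too_deep(top, (const void *)pad, limit)) return depth;

  return recurse_until_guard(top, limit, depth + 1);
}

int main(void)
{
  int top;  /* stand-in for the stacktop address toybox records in main() */

  printf("stack grows %s\n", stack_grows_down() ? "down" : "up");
  printf("6000-byte guard fired at recursion depth %u\n",
         recurse_until_guard(&top, 6000, 0));
  return 0;
}
```

The same guard fires at the same depth on a stack that grows up, because stack_distance() never cares which operand is larger; the only platform assumption left is that both addresses belong to the same stack, which the original check already assumes.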


