rsync - Jun 2003 - Red Hat rsync - 'sign' patch

I recently became the new rsync maintainer for Red Hat,
and I just completed a review of the current patches that
we (Red Hat) maintain for 'rsync'.  After removing three
unnecessary patches (either already incorporated into
rsync-2.5.6, or were outdated and couldn't be applied),
we are left with one patch - rsync-2.5.6-sign.patch -
which I have attached.
                                                                                
AFAICT, back in the vicinity of January 2002, a patch
(call this patch 'A') was developed to close an 'rsync
remote hole' - the patch switched variables in
'sum_struct' to size_t.  According to some documentation
I have read, that patch itself introduced some comparisons
between signed and unsigned, which "can cause rsync to
not work properly".
                                                                                
The patch I have included (rsync-2.5.6-sign.patch), which
is the only one currently that we (Red Hat) plan to
maintain going forward, is a patch that attempts to fix
the signed vs. unsigned comparison's introduced by patch
'A'.
                                                                                
Please review rsync-2.5.6-sign.patch and let me know what
your thoughts are.  My hope is that the rsync
maintainers will address all the signed vs.  unsigned
comparison issues in rsync - if that were done, I could
remove this final patch, and Red Hat could then maintain
rsync with *no* patches.
                                                                                
Rsync maintainers, please let me know your thoughts on
this patch.
                                                                                
Thanks.
                                                                                
Hardy Merrill
Red Hat, Inc.

-- 
Hardy Merrill
Red Hat, Inc.
-------------- next part --------------
diff -ur rsync-2.5.6/io.c rsync-2.5.6-sign/io.c
--- rsync-2.5.6/io.c	2002-04-10 22:11:50.000000000 -0400
+++ rsync-2.5.6-sign/io.c	2003-06-05 14:05:54.000000000 -0400
@@ -605,7 +605,7 @@
 	}
 
 	while (len) {
-		int n = MIN((int) len, IO_BUFFER_SIZE-io_buffer_count);
+		ssize_t n = MIN((ssize_t) len, IO_BUFFER_SIZE-io_buffer_count);
 		if (n > 0) {
 			memcpy(io_buffer+io_buffer_count, buf, n);
 			buf += n;
Only in rsync-2.5.6-sign/: io.c.orig
diff -ur rsync-2.5.6/match.c rsync-2.5.6-sign/match.c
--- rsync-2.5.6/match.c	2002-04-09 02:11:06.000000000 -0400
+++ rsync-2.5.6-sign/match.c	2003-06-05 14:05:54.000000000 -0400
@@ -190,13 +190,13 @@
 
 		sum = (s1 & 0xffff) | (s2 << 16);
 		tag_hits++;
-		for (; j < (int) s->count && targets[j].t == t; j++) {
+		for (; j < (ssize_t) s->count && targets[j].t == t; j++) {
 			int l, i = targets[j].i;
 			
 			if (sum != s->sums[i].sum1) continue;
 			
 			/* also make sure the two blocks are the same length */
-			l = MIN(s->n,len-offset);
+			l = MIN((ssize_t)s->n,len-offset);
 			if (l != s->sums[i].len) continue;			
 
 			if (verbose > 3)
@@ -216,7 +216,7 @@
 
 			/* we've found a match, but now check to see
                            if last_i can hint at a better match */
-			for (j++; j < (int) s->count && targets[j].t == t; j++) {
+			for (j++; j < (ssize_t) s->count && targets[j].t == t; j++) {
 				int i2 = targets[j].i;
 				if (i2 == last_i + 1) {
 					if (sum != s->sums[i2].sum1) break;
@@ -232,7 +232,7 @@
 			
 			matched(f,s,buf,offset,i);
 			offset += s->sums[i].len - 1;
-			k = MIN((len-offset), s->n);
+			k = MIN((len-offset), (ssize_t)s->n);
 			map = (schar *)map_ptr(buf,offset,k);
 			sum = get_checksum1((char *)map, k);
 			s1 = sum & 0xFFFF;
@@ -262,7 +262,7 @@
 		   running match, the checksum update and the
 		   literal send. */
 		if (offset > last_match &&
-		    offset-last_match >= CHUNK_SIZE+s->n && 
+		    offset-last_match >= (ssize_t)(CHUNK_SIZE+s->n) && 
 		    (end-offset > CHUNK_SIZE)) {
 			matched(f,s,buf,offset - s->n, -2);
 		}
Only in rsync-2.5.6-sign/: match.c.orig

On Mon, Jun 09, 2003 at 01:56:34PM -0400, Hardy Merrill
wrote:
> I recently became the new rsync maintainer for Red Hat,
> and I just completed a review of the current patches that
> we (Red Hat) maintain for 'rsync'.  After removing three
> unnecessary patches (either already incorporated into
> rsync-2.5.6, or were outdated and couldn't be applied),
> we are left with one patch - rsync-2.5.6-sign.patch -
> which I have attached.
It would be much easier if you would use patches against
current cvs.  That is what the patch would have to be
applied against.  There is quite a bit of difference, at
least in line-numbers between 2.5.6 and cvs.
> AFAICT, back in the vicinity of January 2002, a patch
> (call this patch 'A') was developed to close an 'rsync
> remote hole' - the patch switched variables in
> 'sum_struct' to size_t.  According to some documentation
> I have read, that patch itself introduced some comparisons
> between signed and unsigned, which "can cause rsync to
> not work properly".
What documentation?  Define improperly.  I would like more
than just vague hearsay assertions.  A test case showing
improper behaviour or specific code analysis showing a type
mismatch that actually could (even if only in theory) impact
behaviour.
> The patch I have included (rsync-2.5.6-sign.patch), which
> is the only one currently that we (Red Hat) plan to
> maintain going forward, is a patch that attempts to fix
> the signed vs. unsigned comparison's introduced by patch
> 'A'.
You have introduced a type that is not used anywhere else in
rsync "ssize_t". That is generally not a good idea.  Rsync
has to build and run on all sorts of systems and introducing
a new type without having a fallback definition in rsync.h
and autoconf.  ssize_t wouldn't happen to be the equivalent
of off_t would it?


-- 
________________________________________________________________
	J.W. Schultz            Pegasystems Technologies
	email address:		jw@pegasys.ws

		Remember Cernan and Schmitt