hrev48646 adds 1 changeset to branch 'master'
old head: 6e9704175eef7a3adbe28f74bd0712b1b2434310
new head: f894ab70eae60fd72f26403f8ff50d821705fa10
overview: http://cgit.haiku-os.org/haiku/log/?qt=range&q=f894ab7+%5E6e97041

----------------------------------------------------------------------------

f894ab7: BMessage: Fix #11710.

The refactored version of Unflatten() encapsulated the raw buffer into a BMemoryIO with a specified size of SIZE_MAX, since the total size of the message isn't known up front. On 32-bit this was no problem, but on x86_64, this would lead to an overflow in BMemoryIO, since it stores its internal length as a size_t, which on that platform is the same size as off_t. Consequently, when it would cast its length to off_t to compare against the requested seek position in ReadAt/WriteAt, this would overflow to a negative, leading it to reject all requests, which subsequently caused Unflatten() to fail.

[ Rene Gollent <anevilyak@xxxxxxxxx> ]

----------------------------------------------------------------------------

Revision: hrev48646
Commit: f894ab70eae60fd72f26403f8ff50d821705fa10
URL: http://cgit.haiku-os.org/haiku/commit/?id=f894ab7
Author: Rene Gollent <anevilyak@xxxxxxxxx>
Date: Fri Jan 9 23:00:34 2015 UTC
Ticket: https://dev.haiku-os.org/ticket/11710

----------------------------------------------------------------------------

1 file changed, 1 insertion(+), 1 deletion(-)
src/kits/app/Message.cpp | 2 +-

----------------------------------------------------------------------------

diff --git a/src/kits/app/Message.cpp b/src/kits/app/Message.cpp index 15751b1..f1a4703 100644 --- a/src/kits/app/Message.cpp +++ b/src/kits/app/Message.cpp @@ -1278,7 +1278,7 @@ BMessage::Unflatten(const char* flatBuffer) if (format != MESSAGE_FORMAT_HAIKU) return BPrivate::MessageAdapter::Unflatten(format, this, flatBuffer); - BMemoryIO io(flatBuffer, SIZE_MAX); + BMemoryIO io(flatBuffer, SSIZE_MAX); return Unflatten(&io); }
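
Review bot: the new "BMemoryIO io(flatBuffer, SSIZE_MAX);" line in BMessage::Unflatten(const char* flatBuffer) needs a comment saying why the bound is SSIZE_MAX and not SIZE_MAX; without one the constant looks arbitrary and is easy to revert. Per the commit message, the underlying defect is in BMemoryIO, which casts its size_t length to off_t in ReadAt/WriteAt. This call site only avoids the value that triggers it, so any other caller that passes a length above the off_t range would still have every request rejected. Consider also clamping or rejecting such lengths in BMemoryIO itself. Separately, the length passed here is still a placeholder and not the real size of flatBuffer, so BMemoryIO does not bound the reads made by Unflatten(&io) to the actual buffer; that is worth stating in the same comment for anyone auditing this path with untrusted input.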