Issues of 64-bit code in real programs: qsort

Andrey Karpov
Articles: 366

We continue the series of posts about 64-bit errors detected in real applications. Time passes, programs consume more and more memory, and now the moment has come when somebody decides to sort an array of more than 2^31 items. For that purpose this person chooses the qsort function implemented in OpenBSD 4.5. The result is a 64-bit error.

Let us consider this error in detail. At the time of writing this post, the last revision of the file "lib/libc/stdlib/qsort.c" included in OpenBSD 4.6 dates back to August 2005. There, the qsort function employs the auxiliary variables "d" and "r", which have the type int:

void
qsort(void *aa, size_t n, size_t es,
  int (*cmp)(const void *, const void *))
{
  char *pa, *pb, *pc, *pd, *pl, *pm, *pn;
  int d, r, swaptype, swap_cnt;
  char *a = aa;
  . . . .

You may see the full text of the function here.

These variables are used to store sizes (byte counts and differences between pointers into the array), so when the number of items is large their values no longer fit into a 32-bit int, the values are truncated, and the sort goes wrong. The correction lies in declaring these variables as size_t:

size_t d, r;
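To show concretely how the int declarations fail, here is an added example (constructed for this post, not OpenBSD's code) that models two statements of a BSD-style qsort, the pivot-sampling step d = (n / 8) * es and the left recursion r = pb - pa, each with the original int variable beside the size_t fix. It assumes an LP64 platform (64-bit size_t and pointers) and a compiler that wraps out-of-range conversions to int; the function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of two statements from a BSD-style qsort (not the
 * OpenBSD code itself). Each function takes the byte distances that the
 * real code derives from pointers, so no multi-gigabyte array is needed.
 * Assumes LP64 (64-bit size_t/ptrdiff_t); out-of-range conversion to int
 * is implementation-defined, and common compilers wrap modulo 2^32. */

/* Pivot sampling: d = (n / 8) * es, then the code reads a + d, a + 2*d. */
static ptrdiff_t pivot_offset_int(size_t n, size_t es)
{
    int d = (n / 8) * es;          /* original: keeps only the low 32 bits */
    return d;                      /* negative => reads before the array */
}

static ptrdiff_t pivot_offset_size_t(size_t n, size_t es)
{
    size_t d = (n / 8) * es;       /* fixed declaration */
    return (ptrdiff_t)d;
}

/* Left recursion: if ((r = pb - pa) > es) qsort(a, r / es, es, cmp);
 * Returns the element count passed to the recursive call, 0 if skipped. */
static size_t left_count_int(ptrdiff_t pb_minus_pa, size_t es)
{
    int r = pb_minus_pa;           /* original: byte length truncated */
    return (size_t)r > es ? (size_t)r / es : 0;
}

static size_t left_count_size_t(ptrdiff_t pb_minus_pa, size_t es)
{
    size_t r = (size_t)pb_minus_pa; /* fixed declaration */
    return r > es ? r / es : 0;
}

int main(void)
{
    const size_t n = (size_t)1 << 31;       /* 2^31 items ... */
    const size_t es = sizeof(uint64_t);     /* ... of 8 bytes each */
    printf("pivot offset: int=%td, size_t=%td (array is %zu bytes)\n",
           pivot_offset_int(n, es), pivot_offset_size_t(n, es), n * es);
    printf("left recursion count: int=%zu, size_t=%zu\n",
           left_count_int((ptrdiff_t)(n * es), es),
           left_count_size_t((ptrdiff_t)(n * es), es));
    return 0;
}
```

With 2^31 eight-byte items the int pivot offset comes out negative, and the int recursion length wraps to 0, so the left half of the array is silently never sorted.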

This error is a telling example because it was detected only in 2010! It seems that a large number of errors in 64-bit programs will begin to surface when a typical user computer has more than 16 Gbytes of memory and programs begin to exploit it actively.
