The commit dfd6f7b5f brought large file detection in the autoconf file to fix process scanning on linux in x86 architecture. This is however a bit flaky, because:
process scanning won't work on systems that do not have LFS, which does not make sense (although I don't really know how autoconf detects it or not).
the fix does not work if the compilation is done without the use of autoconf, and _FILE_OFFSET_BITS is not defined. This is for example the case for yara-rust, where the process scanning does not work on linux 32bits for this reason.
This breaks process scanning because without it, the pread function on the mem file will fail if provided with an offset bigger than INT32_MAX, which will always happen for processes.
A better fix is to use the pread64 syscall, which always takes a 64-bits value for the offset. This is the actual linux syscall, so it is completely safe.
The commit dfd6f7b5f brought large file detection in the autoconf file to fix process scanning on linux in x86 architecture. This is however a bit flaky, because:
_FILE_OFFSET_BITS
is not defined. This is for example the case for yara-rust, where the process scanning does not work on linux 32bits for this reason.This breaks process scanning because without it, the pread function on the mem file will fail if provided with an offset bigger than INT32_MAX, which will always happen for processes.
A better fix is to use the pread64 syscall, which always takes a 64-bits value for the offset. This is the actual linux syscall, so it is completely safe.
See for example the exact same fix on chromium:
https://groups.google.com/a/chromium.org/g/crashpad-dev/c/IJLo8M2AQs0/m/Edyyau2LAwAJ