
From 44d56761bed0a394cceb4b0c57fee4fc0e4d9a85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 6 Jul 2021 19:36:29 +0200
Subject: [PATCH] libsepol: avoid unsigned integer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Unsigned integer overflow is well-defined and not undefined behavior.
It is commonly used for hashing or pseudo random number generation.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose or missed overflow checks on user input.
Use a spaceship-operator-like three-way comparison instead of subtraction.
    policydb.c:851:24: runtime error: unsigned integer overflow: 801 - 929 cannot be represented in type 'unsigned int'
Follow-up of: 1537ea8412e4 ("libsepol: avoid unsigned integer overflow")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/policydb.c | 10 +++++-----
 libsepol/src/private.h  |  2 ++
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index ef2217c28c91..0398ceed2574 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -817,11 +817,11 @@ static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
 	const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
 	int v;
 
-	v = (ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype);
+	v = spaceship_cmp(ft1->ttype, ft2->ttype);
 	if (v)
 		return v;
 
-	v = (ft1->tclass > ft2->tclass) - (ft1->tclass < ft2->tclass);
+	v = spaceship_cmp(ft1->tclass, ft2->tclass);
 	if (v)
 		return v;
 
@@ -843,15 +843,15 @@ static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
 	const struct range_trans *key2 = (const struct range_trans *)k2;
 	int v;
 
-	v = key1->source_type - key2->source_type;
+	v = spaceship_cmp(key1->source_type, key2->source_type);
 	if (v)
 		return v;
 
-	v = key1->target_type - key2->target_type;
+	v = spaceship_cmp(key1->target_type, key2->target_type);
 	if (v)
 		return v;
 
-	v = key1->target_class - key2->target_class;
+	v = spaceship_cmp(key1->target_class, key2->target_class);
 
 	return v;
 }
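Review bot: The tail of rangetr_cmp still goes through the scratch variable, `v = spaceship_cmp(key1->target_class, key2->target_class);` followed by `return v;`, where `return spaceship_cmp(key1->target_class, key2->target_class);` says the same thing in one line and matches the early-return shape of the two comparisons above it. The replaced subtractions were more than a sanitizer nuisance: a wrapped unsigned difference assigned to `int` can carry the wrong sign when the operands are far apart, so any caller that reads the sign for ordering only gets a consistent -1/0/1 with the new form; that is worth one sentence in the description if these fields are unsigned 32-bit, which this hunk does not show. The function's signature lies outside the hunk.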
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
index 72f212628314..c63238abe5f3 100644
--- a/libsepol/src/private.h
+++ b/libsepol/src/private.h
@@ -47,6 +47,8 @@
 #define is_saturated(x) (x == (typeof(x))-1)
 #define zero_or_saturated(x) ((x == 0) || is_saturated(x))
 
+#define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
+
 /* Policy compatibility information. */
 struct policydb_compat_info {
 	unsigned int type;
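Review bot: The new `spaceship_cmp` macro evaluates both operands twice and compares them under the usual arithmetic conversions, which is harmless for the plain field reads in this patch but is exactly the kind of contract a header macro should state, e.g. `/* Three-way compare yielding -1/0/1; evaluates a and b twice, so pass side-effect-free operands of matching signedness. */` directly above the `#define`. A `static inline` helper would remove the double evaluation but would pin one operand type, while the call sites compare fields whose declared types are outside this hunk, so the macro is the pragmatic choice here. The parenthesization of arguments and of the whole expansion is complete, so there is no precedence hazard to fix.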
-- 
2.32.0