From 09405ba91c40e4e08f2212c946a432fa001d04bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 1 Jul 2021 20:06:22 +0200
Subject: [PATCH] libsepol: ignore UBSAN false-positives
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Unsigned integer overflow is well-defined and not undefined behavior.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose.
Annotate functions, in which unsigned overflows are expected to happen,
with the respective Clang function attribute[1].
GCC does not support sanitizing unsigned integer arithmetic[2].
avtab.c:76:2: runtime error: unsigned integer overflow: 6 * 3432918353 cannot be represented in type 'unsigned int'
policydb.c:795:42: runtime error: unsigned integer overflow: 8160943042179512010 * 11 cannot be represented in type 'unsigned long'
symtab.c:25:12: runtime error: left shift of 1766601759 by 4 places cannot be represented in type 'unsigned int'
[1]: https://clang.llvm.org/docs/AttributeReference.html#no-sanitize
[2]: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/avtab.c | 1 +
libsepol/src/policydb.c | 1 +
libsepol/src/private.h | 11 +++++++++++
libsepol/src/symtab.c | 4 ++++
4 files changed, 17 insertions(+)
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 5e16a0e9899e..93505b20e4c0 100644
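--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -52,6 +52,7 @@
 /* Based on MurmurHash3, written by Austin Appleby and placed in the
 * public domain.
 */
+ignore_unsigned_overflow_
 static inline int avtab_hash(struct avtab_key *keyp, uint32_t mask)
 {
 static const uint32_t c1 = 0xcc9e2d51;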
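Review bot: The annotation on avtab_hash switches off the unsigned-overflow check for the whole function, not only for the MurmurHash3 mixing steps, so any index or length arithmetic later added there would wrap without a UBSAN report; the same applies to partial_name_hash in policydb.c and symhash in symtab.c. A short comment at each annotated site would keep that scope deliberate, for example `/* hash mixing wraps by design; keep size and index arithmetic out of this function */`. The function bodies continue outside the hunks, so whether they currently hold only hash arithmetic cannot be confirmed from this page.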
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 0398ceed2574..7093d9b7028a 100644
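--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -789,6 +789,7 @@ static int roles_init(policydb_t * p)
 goto out;
 }
 
+ignore_unsigned_overflow_
 static inline unsigned long
 partial_name_hash(unsigned long c, unsigned long prevhash)
 {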
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
index c63238abe5f3..71287282fbc0 100644
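--- a/libsepol/src/private.h
+++ b/libsepol/src/private.h
@@ -49,6 +49,17 @@
 
 #define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
 
+/* Use to ignore intentional unsigned under- and overflows while running under UBSAN. */
+#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
+#if (__clang_major__ >= 12)
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow", "unsigned-shift-base")))
+#else
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#else
+#define ignore_unsigned_overflow_
+#endif
+
 /* Policy compatibility information. */
 struct policydb_compat_info {
 unsigned int type;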
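Review bot: The `__clang_major__ >= 12` test assumes upstream version numbering; vendor builds such as Apple's report their own major version and may not recognise "unsigned-shift-base", which would likely surface as an unknown-sanitizer warning and break builds that treat warnings as errors. Narrowing the inner check, e.g. `#if (__clang_major__ >= 12) && !defined(__apple_build_version__)`, avoids that. The comment above the macro could also say that on Clang 12 and later the shift-base check is suppressed as well, and that the macro expands to nothing on other compilers, so readers know sanitizer coverage differs per toolchain.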
diff --git a/libsepol/src/symtab.c b/libsepol/src/symtab.c
index 9a417ca24b53..a60618510bd3 100644
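--- a/libsepol/src/symtab.c
+++ b/libsepol/src/symtab.c
@@ -8,9 +8,13 @@
 */
 
 #include <string.h>
+
+#include "private.h"
+
 #include <sepol/policydb/hashtab.h>
 #include <sepol/policydb/symtab.h>
 
+ignore_unsigned_overflow_
 static unsigned int symhash(hashtab_t h, const_hashtab_key_t key)
 {
 const char *p, *keyp;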
--
2.32.0