From: Ondrej Mosnacek <omosnace@redhat.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 05/23] libsepol: avoid implicit conversions
Date: Wed, 9 Jun 2021 15:47:40 +0200 [thread overview]
Message-ID: <CAFqZXNvZL+1TKUeJpa_npxBpoQJq_0dHDTYYkXXSU8XtZK=sdA@mail.gmail.com> (raw)
In-Reply-To: <20210608155912.32047-6-cgzones@googlemail.com>
On Tue, Jun 8, 2021 at 5:59 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Avoid implicit conversions from signed to unsigned values, found by
> UB sanitizers, by using unsigned values in the first place.
>
> expand.c:1644:18: runtime error: implicit conversion from type 'int' of value -1 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned)
>
> expand.c:2892:24: runtime error: implicit conversion from type 'int' of value -2 (32-bit, signed) to type 'unsigned int' changed the value to 4294967294 (32-bit, unsigned)
>
> policy_define.c:2344:4: runtime error: implicit conversion from type 'int' of value -1048577 (32-bit, signed) to type 'unsigned int' changed the value to 4293918719 (32-bit, unsigned)
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libsepol/include/sepol/policydb/conditional.h | 2 +-
> libsepol/include/sepol/policydb/policydb.h | 2 +-
> libsepol/src/expand.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
> index 9c3df3ef..db3ef98d 100644
> --- a/libsepol/include/sepol/policydb/conditional.h
> +++ b/libsepol/include/sepol/policydb/conditional.h
> @@ -90,7 +90,7 @@ typedef struct cond_node {
> uint32_t expr_pre_comp;
> struct cond_node *next;
> /* a tunable conditional, calculated and used at expansion */
> -#define COND_NODE_FLAGS_TUNABLE 0x01
> +#define COND_NODE_FLAGS_TUNABLE 0x01U
UINT32_C(0x01) would be better here.
> uint32_t flags;
> } cond_node_t;
>
> diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
> index 9ef43abc..c29339dc 100644
> --- a/libsepol/include/sepol/policydb/policydb.h
> +++ b/libsepol/include/sepol/policydb/policydb.h
> @@ -253,7 +253,7 @@ typedef struct class_perm_node {
>
> #define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f)))
> #define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
> -#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
> +#define xperm_clear(x, p) (p[x >> 5] &= ~(1U << (x & 0x1f)))
Ditto here (used on av_extended_perms_t::perms, which is uint32_t).
And xperm_test() and xperm_set() should be also updated in the same
way.
> #define EXTENDED_PERMS_LEN 8
>
> typedef struct av_extended_perms {
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index 84bfcfa3..35e45780 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -1641,7 +1641,7 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
> * AUDITDENY, aka DONTAUDIT, are &= assigned, versus |= for
> * others. Initialize the data accordingly.
> */
> - avdatum.data = key->specified == AVTAB_AUDITDENY ? ~0 : 0;
> + avdatum.data = key->specified == AVTAB_AUDITDENY ? ~0U : 0U;
Also UINT32_C().
> /* this is used to get the node - insertion is actually unique */
> node = avtab_insert_nonunique(avtab, key, &avdatum);
> if (!node) {
> --
> 2.32.0
>
--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
next prev parent reply other threads:[~2021-06-09 13:47 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 15:58 [PATCH 00/23] libsepol: miscellaneous cleanup Christian Göttsche
2021-06-08 15:58 ` [PATCH 01/23] libsepol: fix typos Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:58 ` [PATCH 02/23] libsepol: resolve missing prototypes Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:58 ` [PATCH 03/23] libsepol: remove unused functions Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:58 ` [PATCH 04/23] libsepol: ignore UBSAN false-positives Christian Göttsche
2021-06-09 13:44 ` Ondrej Mosnacek
2021-06-09 14:05 ` James Carter
2021-07-01 18:06 ` [PATCH v2 1/3] " Christian Göttsche
2021-07-12 7:34 ` Nicolas Iooss
2021-07-13 19:59 ` Nicolas Iooss
2021-06-08 15:58 ` [PATCH 05/23] libsepol: avoid implicit conversions Christian Göttsche
2021-06-09 13:47 ` Ondrej Mosnacek [this message]
2021-07-01 18:06 ` [PATCH v2 2/3] " Christian Göttsche
2021-07-12 7:36 ` Nicolas Iooss
2021-07-13 20:01 ` Nicolas Iooss
2021-06-08 15:58 ` [PATCH 06/23] libsepol: avoid unsigned integer overflow Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:58 ` [PATCH 07/23] libsepol: follow declaration-after-statement Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:58 ` [PATCH 08/23] libsepol/cil: " Christian Göttsche
2021-06-21 20:56 ` James Carter
2021-06-08 15:58 ` [PATCH 09/23] libsepol: remove dead stores Christian Göttsche
2021-06-08 15:58 ` [PATCH 10/23] libsepol: mark read-only parameters of ebitmap interfaces const Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:59 ` [PATCH 11/23] libsepol: mark read-only parameters of type_set_ " Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:59 ` [PATCH 12/23] libsepol: do not allocate memory of size 0 Christian Göttsche
2021-06-21 20:59 ` James Carter
2021-06-08 15:59 ` [PATCH 13/23] libsepol: assure string NUL-termination Christian Göttsche
2021-06-09 14:38 ` James Carter
2021-07-01 18:07 ` [PATCH v2 3/3] libsepol: assure string NUL-termination of ibdev_name Christian Göttsche
2021-07-12 7:35 ` Nicolas Iooss
2021-07-13 19:59 ` Nicolas Iooss
2021-06-08 15:59 ` [PATCH 14/23] libsepol: remove dead stores Christian Göttsche
2021-06-08 15:59 ` [PATCH 15/23] libsepol/cil: silence cast warning Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:59 ` [PATCH 16/23] libsepol/cil: drop extra semicolon Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:59 ` [PATCH 17/23] libsepol/cil: drop dead store Christian Göttsche
2021-06-21 20:56 ` James Carter
2021-06-08 15:59 ` [PATCH 18/23] libsepol/cil: drop unnecessary casts Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:59 ` [PATCH 19/23] libsepol/cil: avoid using maybe uninitialized variables Christian Göttsche
2021-06-21 21:00 ` James Carter
2021-06-08 15:59 ` [PATCH 20/23] libsepol: drop repeated semicolons Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:59 ` [PATCH 21/23] libsepol: drop unnecessary casts Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:59 ` [PATCH 22/23] libsepol: declare file local variable static Christian Göttsche
2021-06-21 21:00 ` James Carter
2021-06-08 15:59 ` [PATCH 23/23] libsepol: declare read-only arrays const Christian Göttsche
2021-06-21 20:59 ` James Carter
2021-06-24 14:29 ` [PATCH 00/23] libsepol: miscellaneous cleanup James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFqZXNvZL+1TKUeJpa_npxBpoQJq_0dHDTYYkXXSU8XtZK=sdA@mail.gmail.com' \
--to=omosnace@redhat.com \
--cc=cgzones@googlemail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).