From: Ondrej Mosnacek <omosnace@redhat.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 04/23] libsepol: ignore UBSAN false-positives
Date: Wed, 9 Jun 2021 15:44:20 +0200 [thread overview]
Message-ID: <CAFqZXNvGcN1BrT=6eaKsgMe7XAWv7Ynn6xsBOD26aN03xn1MiA@mail.gmail.com> (raw)
In-Reply-To: <20210608155912.32047-5-cgzones@googlemail.com>
On Tue, Jun 8, 2021 at 6:01 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
> Unsigned integer overflow is well-defined and not undefined behavior.
> But it is still useful to enable undefined behavior sanitizer checks on
> unsigned arithmetic to detect possible issues on counters or variables
> with similar purpose.
>
> Annotate functions in which unsigned overflows are expected to happen.
>
> avtab.c:76:2: runtime error: unsigned integer overflow: 6 * 3432918353 cannot be represented in type 'unsigned int'
> policydb.c:795:42: runtime error: unsigned integer overflow: 8160943042179512010 * 11 cannot be represented in type 'unsigned long'
> symtab.c:25:12: runtime error: left shift of 1766601759 by 4 places cannot be represented in type 'unsigned int'
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libsepol/src/avtab.c | 6 ++++++
> libsepol/src/policydb.c | 6 ++++++
> libsepol/src/symtab.c | 6 ++++++
> 3 files changed, 18 insertions(+)
>
> diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
> index 257f051a..c2ccb005 100644
> --- a/libsepol/src/avtab.c
> +++ b/libsepol/src/avtab.c
> @@ -52,6 +52,12 @@
> /* Based on MurmurHash3, written by Austin Appleby and placed in the
> * public domain.
> */
> +#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
> +__attribute__((no_sanitize("unsigned-integer-overflow")))
> +#if (__clang_major__ >= 12)
> +__attribute__((no_sanitize("unsigned-shift-base")))
> +#endif
> +#endif
Perhaps this could be defined as a common macro in
libsepol/src/private.h instead of duplicating it in three places?
> static inline int avtab_hash(struct avtab_key *keyp, uint32_t mask)
> {
> static const uint32_t c1 = 0xcc9e2d51;
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index fc1d0711..cbe0c432 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -789,6 +789,12 @@ static int roles_init(policydb_t * p)
> goto out;
> }
>
> +#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
> +__attribute__((no_sanitize("unsigned-integer-overflow")))
> +#if (__clang_major__ >= 12)
> +__attribute__((no_sanitize("unsigned-shift-base")))
> +#endif
> +#endif
> static inline unsigned long
> partial_name_hash(unsigned long c, unsigned long prevhash)
> {
> diff --git a/libsepol/src/symtab.c b/libsepol/src/symtab.c
> index 9a417ca2..738fa0a4 100644
> --- a/libsepol/src/symtab.c
> +++ b/libsepol/src/symtab.c
> @@ -11,6 +11,12 @@
> #include <sepol/policydb/hashtab.h>
> #include <sepol/policydb/symtab.h>
>
> +#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
> +__attribute__((no_sanitize("unsigned-integer-overflow")))
> +#if (__clang_major__ >= 12)
> +__attribute__((no_sanitize("unsigned-shift-base")))
> +#endif
> +#endif
> static unsigned int symhash(hashtab_t h, const_hashtab_key_t key)
> {
> const char *p, *keyp;
> --
> 2.32.0
>
--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
next prev parent reply other threads:[~2021-06-09 13:44 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 15:58 [PATCH 00/23] libsepol: miscellaneous cleanup Christian Göttsche
2021-06-08 15:58 ` [PATCH 01/23] libsepol: fix typos Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:58 ` [PATCH 02/23] libsepol: resolve missing prototypes Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:58 ` [PATCH 03/23] libsepol: remove unused functions Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:58 ` [PATCH 04/23] libsepol: ignore UBSAN false-positives Christian Göttsche
2021-06-09 13:44 ` Ondrej Mosnacek [this message]
2021-06-09 14:05 ` James Carter
2021-07-01 18:06 ` [PATCH v2 1/3] " Christian Göttsche
2021-07-12 7:34 ` Nicolas Iooss
2021-07-13 19:59 ` Nicolas Iooss
2021-06-08 15:58 ` [PATCH 05/23] libsepol: avoid implicit conversions Christian Göttsche
2021-06-09 13:47 ` Ondrej Mosnacek
2021-07-01 18:06 ` [PATCH v2 2/3] " Christian Göttsche
2021-07-12 7:36 ` Nicolas Iooss
2021-07-13 20:01 ` Nicolas Iooss
2021-06-08 15:58 ` [PATCH 06/23] libsepol: avoid unsigned integer overflow Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:58 ` [PATCH 07/23] libsepol: follow declaration-after-statement Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:58 ` [PATCH 08/23] libsepol/cil: " Christian Göttsche
2021-06-21 20:56 ` James Carter
2021-06-08 15:58 ` [PATCH 09/23] libsepol: remove dead stores Christian Göttsche
2021-06-08 15:58 ` [PATCH 10/23] libsepol: mark read-only parameters of ebitmap interfaces const Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:59 ` [PATCH 11/23] libsepol: mark read-only parameters of type_set_ " Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:59 ` [PATCH 12/23] libsepol: do not allocate memory of size 0 Christian Göttsche
2021-06-21 20:59 ` James Carter
2021-06-08 15:59 ` [PATCH 13/23] libsepol: assure string NUL-termination Christian Göttsche
2021-06-09 14:38 ` James Carter
2021-07-01 18:07 ` [PATCH v2 3/3] libsepol: assure string NUL-termination of ibdev_name Christian Göttsche
2021-07-12 7:35 ` Nicolas Iooss
2021-07-13 19:59 ` Nicolas Iooss
2021-06-08 15:59 ` [PATCH 14/23] libsepol: remove dead stores Christian Göttsche
2021-06-08 15:59 ` [PATCH 15/23] libsepol/cil: silence cast warning Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:59 ` [PATCH 16/23] libsepol/cil: drop extra semicolon Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:59 ` [PATCH 17/23] libsepol/cil: drop dead store Christian Göttsche
2021-06-21 20:56 ` James Carter
2021-06-08 15:59 ` [PATCH 18/23] libsepol/cil: drop unnecessary casts Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:59 ` [PATCH 19/23] libsepol/cil: avoid using maybe uninitialized variables Christian Göttsche
2021-06-21 21:00 ` James Carter
2021-06-08 15:59 ` [PATCH 20/23] libsepol: drop repeated semicolons Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:59 ` [PATCH 21/23] libsepol: drop unnecessary casts Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:59 ` [PATCH 22/23] libsepol: declare file local variable static Christian Göttsche
2021-06-21 21:00 ` James Carter
2021-06-08 15:59 ` [PATCH 23/23] libsepol: declare read-only arrays const Christian Göttsche
2021-06-21 20:59 ` James Carter
2021-06-24 14:29 ` [PATCH 00/23] libsepol: miscellaneous cleanup James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFqZXNvGcN1BrT=6eaKsgMe7XAWv7Ynn6xsBOD26aN03xn1MiA@mail.gmail.com' \
--to=omosnace@redhat.com \
--cc=cgzones@googlemail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).