Re: [kvm-unit-tests PATCH v1 4/8] lib/alloc.c: add overflow check for calloc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 22/06/2020 18.21, Claudio Imbrenda wrote:
> Add an overflow check for calloc to prevent potential multiplication overflow.
> 
> Signed-off-by: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx>
> ---
>  lib/alloc.c | 36 +++++++++++++++++++++++++++++++++++-
>  1 file changed, 35 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/alloc.c b/lib/alloc.c
> index ed8f5f9..f4aa87a 100644
> --- a/lib/alloc.c
> +++ b/lib/alloc.c
> @@ -6,9 +6,43 @@ void *malloc(size_t size)
>  	return memalign(sizeof(long), size);
>  }
>  
> +static bool mult_overflow(size_t a, size_t b)
> +{
> +#if BITS_PER_LONG == 32
> +	/* 32 bit system, easy case: just use u64 */
> +	return (u64)a * (u64)b >= (1ULL << 32);
> +#else
> +#ifdef __SIZEOF_INT128__
> +	/* if __int128 is available use it (like the u64 case above) */
> +	unsigned __int128 res = a;
> +	res *= b;
> +	res >>= 64;
> +	return res != 0;
> +#else
> +	u64 tmp;
> +
> +	if ((a >> 32) && (b >> 32))
> +		return true;
> +	if (!(a >> 32) && !(b >> 32))
> +		return false;
> +	tmp = (u32)a;
> +	tmp *= (u32)b;
> +	tmp >>= 32;
> +	if (a < b)
> +		tmp += a * (b >> 32);
> +	else
> +		tmp += b * (a >> 32);
> +	return tmp >> 32;
> +#endif /* __SIZEOF_INT128__ */
> +#endif /* BITS_PER_LONG == 32 */
> +}

This caused a new regression in the CI:

 https://gitlab.com/huth/kvm-unit-tests/-/jobs/606930599#L1754

 https://travis-ci.com/github/huth/kvm-unit-tests/jobs/352515116#L546

lib/alloc.c: In function 'mult_overflow':
lib/alloc.c:24:9: error: right shift count >= width of type
[-Werror=shift-count-overflow]
   24 |  if ((a >> 32) && (b >> 32))
      |         ^~
lib/alloc.c:24:22: error: right shift count >= width of type
[-Werror=shift-count-overflow]
   24 |  if ((a >> 32) && (b >> 32))
      |                      ^~
lib/alloc.c:26:10: error: right shift count >= width of type
[-Werror=shift-count-overflow]
   26 |  if (!(a >> 32) && !(b >> 32))
      |          ^~
lib/alloc.c:26:24: error: right shift count >= width of type
[-Werror=shift-count-overflow]
   26 |  if (!(a >> 32) && !(b >> 32))
      |                        ^~
lib/alloc.c:32:17: error: right shift count >= width of type
[-Werror=shift-count-overflow]
   32 |   tmp += a * (b >> 32);
      |                 ^~
lib/alloc.c:34:17: error: right shift count >= width of type
[-Werror=shift-count-overflow]
   34 |   tmp += b * (a >> 32);
      |                 ^~
cc1: all warnings being treated as errors

Claudio, any ideas how to fix that?

Paolo, could you maybe push your staging branches to Githab or Gitlab
first, to see whether there are any regressions in Travis or Gitlab-CI
before you push the branch to the main repo? ... almost all of the
recent updates broke something, and analyzing the problems afterwards is
a little bit cumbersome...

 Thomas




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux