On Tue, Jun 8, 2021 at 12:02 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > Unsigned integer overflow is well-defined and not undefined behavior. > But it is still useful to enable undefined behavior sanitizer checks on > unsigned arithmetic to detect possible issues on counters or variables > with similar purpose. > > Use a spaceship operator like comparison instead of subtraction. > > Modern compilers will generate a single comparison instruction instead > of actually perform the subtraction. > > policydb.c:826:17: runtime error: unsigned integer overflow: 24 - 1699 cannot be represented in type 'unsigned int' > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Acked-by: James Carter <jwcart2@xxxxxxxxx> > --- > libsepol/src/policydb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c > index cbe0c432..3389a943 100644 > --- a/libsepol/src/policydb.c > +++ b/libsepol/src/policydb.c > @@ -823,11 +823,11 @@ static int filenametr_cmp(hashtab_t h __attribute__ ((unused)), > const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2; > int v; > > - v = ft1->ttype - ft2->ttype; > + v = (ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype); > if (v) > return v; > > - v = ft1->tclass - ft2->tclass; > + v = (ft1->tclass > ft2->tclass) - (ft1->tclass < ft2->tclass); > if (v) > return v; > > -- > 2.32.0 >
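Review bot: the three-way form corrects more than the sanitizer report, and the commit message could say so: in the removed line `v = ft1->ttype - ft2->ttype;` the subtraction is done in unsigned arithmetic and the result is then narrowed into `int v`, so whenever the true difference exceeds INT_MAX the sign of `v` is wrong and the comparator mis-orders the two keys (same for the `tclass` line); the new `(ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype)` yields exactly -1, 0 or 1 over the whole unsigned range. Style point: the same three-way expression is now written out twice in this function; a small static inline helper (or a shared macro, if other hashtab comparators in libsepol get the same treatment) would keep the two sites identical.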
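The comparator idiom described in the commit message, as an added example that is not part of the patch, of libsepol, or of this thread: `demo_key_t` is a constructed stand-in holding only the two members the hunk compares, and `cmp_sub`, `cmp3`, `cmp_3way`, `sgn` and `subtraction_misorders` are names chosen here. It places the subtraction-based "before" beside the three-way "after" and shows, on constructed input, the case where the two disagree on ordering. Building it with clang's `-fsanitize=unsigned-integer-overflow` reports the wrap inside `cmp_sub` for the 24 vs 1699 call, much like the runtime error quoted in the commit message.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for libsepol's filename_trans_key_t: only the two
 * members the patch touches, using the field names from the hunk. */
typedef struct {
    uint32_t ttype;
    uint32_t tclass;
} demo_key_t;

/* Sign of an int, normalised to -1, 0 or 1 so comparator results can be
 * compared with each other. */
static int sgn(int v) { return (v > 0) - (v < 0); }

/* "Before": subtraction, as in the removed lines of the patch. The
 * subtraction is done in unsigned arithmetic (well-defined, wraps modulo
 * 2^32) and the result is then narrowed to int, so the sign of v is not the
 * sign of the true difference once |a - b| exceeds INT_MAX. */
static int cmp_sub(const demo_key_t *a, const demo_key_t *b) {
    int v = a->ttype - b->ttype;
    if (v)
        return v;
    return a->tclass - b->tclass;
}

/* Three-way comparison of two unsigned values, the form the patch adopts.
 * No arithmetic is done on the operands: each relational yields 0 or 1,
 * and their difference is exactly -1, 0 or 1. */
static int cmp3(uint32_t a, uint32_t b) { return (a > b) - (a < b); }

/* "After": the comparator built from cmp3, ordering by ttype, then tclass. */
static int cmp_3way(const demo_key_t *a, const demo_key_t *b) {
    int v = cmp3(a->ttype, b->ttype);
    if (v)
        return v;
    return cmp3(a->tclass, b->tclass);
}

/* Does the subtraction comparator disagree with the three-way one about
 * the ordering of ttype values x and y? Returns 1 if so, 0 otherwise. */
int subtraction_misorders(uint32_t x, uint32_t y) {
    demo_key_t a = { x, 0 }, b = { y, 0 };
    return sgn(cmp_sub(&a, &b)) != sgn(cmp_3way(&a, &b));
}

int main(void) {
    /* Small ids like the 24 vs 1699 from the sanitizer report: the wrapped
     * unsigned result happens to narrow to a negative int on the usual
     * two's-complement ABIs, so both comparators agree here. */
    printf("24 vs 1699: sub=%d three-way=%d\n",
           sgn(cmp_sub(&(demo_key_t){ 24, 0 }, &(demo_key_t){ 1699, 0 })),
           cmp3(24, 1699));
    /* Difference larger than INT_MAX: 0u - 0x80000001u wraps to 0x7FFFFFFF,
     * which fits in int and is positive, so subtraction claims 0 > 0x80000001
     * while the three-way form correctly says 0 < 0x80000001. */
    printf("0 vs 0x80000001: misordered by subtraction? %d\n",
           subtraction_misorders(0, 0x80000001u));
    return 0;
}
```

The disagreement only shows once the two ids differ by more than INT_MAX, which real SELinux type and class ids never do, so the subtraction form was a latent rather than a live ordering bug; the three-way form removes both the sanitizer finding and that latent case, and a compiler will still emit a single comparison sequence for it.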