Unsigned integer overflow is well-defined and not undefined behavior.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose.
Use a spaceship operator like comparison instead of subtraction.
Modern compilers will generate a single comparison instruction instead
of actually perform the subtraction.
policydb.c:851:24: runtime error: unsigned integer overflow: 801 - 929 cannot be represented in type 'unsigned int'
This is similar to 1537ea84.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/src/policydb.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index ef2217c2..5ee78b4c 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -843,15 +843,15 @@ static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
const struct range_trans *key2 = (const struct range_trans *)k2;
int v;
- v = key1->source_type - key2->source_type;
+ v = (key1->source_type > key2->source_type) - (key1->source_type < key2->source_type);
if (v)
return v;
- v = key1->target_type - key2->target_type;
+ v = (key1->target_type > key2->target_type) - (key1->target_type < key2->target_type);
if (v)
return v;
- v = key1->target_class - key2->target_class;
+ v = (key1->target_class > key2->target_class) - (key1->target_class < key2->target_class);
return v;
}
--
2.32.0
