While well-defined unsigned integer underflow might signal a logic
mistake or processing of unchecked user input. Please Clang's undefined
behavior sanitizer:
restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
policycoreutils/setfiles/restore.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 6131f46a..d045e948 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -77,8 +77,8 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
long unsigned *skipped_errors)
{
glob_t globbuf;
- size_t i = 0;
- int len, rc, errors;
+ size_t i, len;
+ int rc, errors;
memset(&globbuf, 0, sizeof(globbuf));
@@ -88,10 +88,10 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
return errors;
for (i = 0; i < globbuf.gl_pathc; i++) {
- len = strlen(globbuf.gl_pathv[i]) - 2;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+ len = strlen(globbuf.gl_pathv[i]);
+ if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
continue;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
continue;
rc = selinux_restorecon_parallel(globbuf.gl_pathv[i],
opts->restorecon_flags,
--
2.43.0
