While well-defined unsigned integer underflow might signal a logic mistake or processing of unchecked user input. Please Clang's undefined behavior sanitizer: restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
policycoreutils/setfiles/restore.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 6131f46a..d045e948 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -77,8 +77,8 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
 long unsigned *skipped_errors)
 {
 glob_t globbuf;
- size_t i = 0;
- int len, rc, errors;
+ size_t i, len;
+ int rc, errors;
 memset(&globbuf, 0, sizeof(globbuf));
@@ -88,10 +88,10 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
 return errors;
 for (i = 0; i < globbuf.gl_pathc; i++) {
- len = strlen(globbuf.gl_pathv[i]) - 2;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+ len = strlen(globbuf.gl_pathv[i]);
+ if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
 continue;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
 continue;
 rc = selinux_restorecon_parallel(globbuf.gl_pathv[i],
 opts->restorecon_flags,
--
2.43.0
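Review bot: The strict bounds `len > 2` and `len > 3` in the second hunk mean a glob result that is exactly `/.` or `/..`, or a bare `.` or `..`, is not skipped and still reaches `selinux_restorecon_parallel()`. This matches the old `len > 0` test after the subtraction, so the commit changes no behaviour, but the boundary is now visible and undocumented. If the skip exists to keep relabeling from reaching a parent directory through a dot entry, the exact-match case is the one worth confirming; whether glob() can return such entries depends on the flags passed in the call, which sits outside the hunk along with the rest of the loop body. I would add a comment above the two tests, for example `/* Skip "dir/." and "dir/.." matches; a path that is only "/." or "/.." is deliberately kept */`, or widen the tests to `len >= 2` and `len >= 3` if those paths should be skipped too.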