[Xen-devel] [PATCH 0/2] libfdt: eliminate UB pointer validation
The other day, in the context of what is now cf38b4926e2b ("xmalloc: guard against integer overflow"), Andrew had suggested to look into using gcc's __builtin_*_overflow(). The functions don't lend themselves to be used there with the logic currently in place (albeit we may still want to consider adjustments there), but I then went on to see whether we have any other overflow checks wanting conversion.

One thing I noticed was that for unsigned integer arithmetic the compiler normally does fine recognizing the intent without using the builtins. And while I didn't spot any signed integer overflow checks (which likely would have been UB anyway), I did spot two in libfdt.

After figuring out where exactly that code was taken from, I spotted a fix for one of the two in the upstream repo, and I submitted a fix for the other one there first. Here are the backports thereof, as I don't myself want to get into the business of bumping the libfdt version in our repo.

1: Fix undefined behaviour in fdt_offset_ptr()
2: fix undefined behaviour in _fdt_splice()

Jan
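The distinction the cover letter draws, as an added C example that is not part of the original mail and is neither the libfdt code nor the patches: a range check done by wrapping a pointer is undefined, while the same check done on unsigned offsets is well defined with or without the builtin. All function names and the sample buffer are hypothetical; `__builtin_add_overflow` assumes gcc 5 or later, or clang.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer standing in for a blob; not libfdt data. */
unsigned char blob[64];

/*
 * UB pattern, shown for contrast only and never called here: forming
 * base + off + len beyond one past the end of the object is undefined,
 * so a compiler may assume "p + len < p" is false and drop the test.
 */
const void *range_ptr_ub(const unsigned char *base, size_t size,
                         size_t off, size_t len)
{
    const unsigned char *p = base + off;

    if (p + len < p || p + len > base + size)
        return NULL;
    return p;
}

/* Defined pattern: validate unsigned offsets, then form the pointer. */
const void *range_ptr_checked(const unsigned char *base, size_t size,
                              size_t off, size_t len)
{
    size_t end;

    if (__builtin_add_overflow(off, len, &end) || end > size)
        return NULL;
    return base + off;
}

/* Same test without the builtin: unsigned wraparound is well defined. */
bool range_ok_plain(size_t size, size_t off, size_t len)
{
    return off + len >= off && off + len <= size;
}

int main(void)
{
    printf("in range: %d\n", range_ptr_checked(blob, sizeof(blob), 8, 16) != NULL);
    printf("too long: %d\n", range_ptr_checked(blob, sizeof(blob), 60, 8) != NULL);
    printf("wrapping: %d\n", range_ptr_checked(blob, sizeof(blob), 8, SIZE_MAX) != NULL);
    return 0;
}
```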