[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] unlzma: avoid UB shift
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Mykola Kvach <xakep.amatop@xxxxxxxxx>
- Date: Tue, 24 Mar 2026 18:24:31 +0200
- Arc-authentication-results: i=1; mx.google.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Uk1J0shv0ren+up2Q6z4S0bwgGP9AaPTIapT/x0ApEs=; fh=SmKtTP+//FoTguQaCWAbd7P0/DDZIbvi8at9iFw3jIU=; b=XygAqx/oirSDCciH2OAteGZMWq+mhPrk3m6oy9EPnsm/FsOJ3mN9LK1SuvrWqs9rV5 0ikrs4JdX1syXO32YXlKONYufK3m8St7QDD+AVy+NoWFGFOgiIUvYGajk0DJE7s1Ftf5 axDHHpce6KPo7SHNF0+3dn/LvEg5yhsRh3CQpVABBwlk7ZROIENXx4QknyBa7zQw83Nr SMa3NsToF//cn50sGD43Ozh9HrPlUcoe1jiie+AK05GMLn7r0ZwE4dsLCxij3tsCQxoN /2iBLwjop/xmx9Rvxm0cYon2dI7xsOHEzC5cofCFTBSB3MK+Ugof3mCNMhlwAfFKboX5 4mzg==; darn=lists.xenproject.org
- Arc-seal: i=1; a=rsa-sha256; t=1774369482; cv=none; d=google.com; s=arc-20240605; b=kzZBp3rE6f4wn+qgAe4AoByumMP8oRw6Hg8PdJyT3E7Nhz4mIvEme/juJrwZnXLf27 c/c33shkHsaBgCJkedS4gwmB36VVWDaBpYgHFx7/Ge9slxHhYFku4LJP4optQ1JydMs7 lwVM6VUkjZF3qWy8FIGvULNSvzwZPci6S5W7Xc0n19z2LBpyJpvMFvV0MGJr6ukbrhRb CR7yETDpiAtbJIxsUyQMhDZX+1A8HYqu8w3Ja+yJwJkAELTGa26ASQRZEoTCLO2sDUOA q+j1g4On4LjMzCthDItRM2dS6TN9AGmNrKS/ydRRRzQVg+kbwOGj98q9I+YbSUUn3u/X iLUw==
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=20251104 header.d=gmail.com header.i="@gmail.com" header.h="Content-Transfer-Encoding:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:MIME-Version"
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Kamil Frankowicz <kamil.frankowicz@xxxxxxx>
- Delivery-date: Tue, 24 Mar 2026 16:24:58 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Mar 24, 2026 at 5:27 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>
> Shifting signed quantities has restrictions. Since the wrapping macro of
> read_int() type-casts the result anyway, switch function return type as
> well as the local variable to the corresponding unsigned type.
>
> Reported-by: Kamil Frankowicz <kamil.frankowicz@xxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> We've inherited that code from Linux, and the same code still exists
> there. As I'm entirely uncertain whether they would even care, I'd prefer
> to not take the route of posting a patch against Linux first.
>
> --- a/xen/common/unlzma.c
> +++ b/xen/common/unlzma.c
> @@ -30,10 +30,10 @@
>
> #include "decompress.h"
>
> -static long long __init read_int(unsigned char *ptr, int size)
> +static unsigned long long __init read_int(unsigned char *ptr, int size)
nit: Since we're touching read_int() anyway, would it make sense to also
tighten the helper's interface, i.e. make ptr const and use size_t for
size?
That would better match the actual usage: the buffer is only read from,
and size is really a byte count, usually coming from sizeof().
> {
> int i;
> - long long ret = 0;
> + unsigned long long ret = 0;
>
> for (i = 0; i < size; i++)
> ret = (ret << 8) | ptr[size-i-1];
Separately, the loop could also be written without the temporary i, using
a simpler reverse traversal, for example:
while ( size )
ret = (ret << 8) | ptr[--size];
>
Best regards,
Mykola
|
