[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] unlzma: avoid UB shift
- To: Mykola Kvach <xakep.amatop@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Tue, 24 Mar 2026 16:27:42 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TSuwt0CTbJVc24s/SyqRyF8liXaK5pmaSoDM9xtw38w=; b=uKbHE6QxsYKOcBfgqGgxIZdejmXc16P/56LCKn1+JocBDu44s/J6KDiTNRn+WD0obYiWSuoksLAdo+e35hzMpt1xbvQUHvPt3Zz4/graTIGfZ5OvsjmxkAmzf0ltdD4FBrJjQpjNPAcWpIdZGy/HSNwnXKqjsVqFu4aSxJSJnjFzBESLx6r1M9zkRv7AWLVqgTb58L2YKhHgVv3u80TTtfGo7IwRKONWTvGE3Jj5IDHzLj1rYnFPluoXNS6811fLlWWijX8igJ3dt7CzoBkMifkeqEuxmVtW0NB4NLI5fdAo8UkxfOwwGExaDBeO0FD6k0B5AIIfyU/MR6OAQJNo1A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VQwXJBmc5gM+bmh5JKfJ62Vo6rmKsus3ajqacn0YwJAB7RowLvXM3E9rZC7RjWi9XLfunTD8sTUEwtTTr8NfDW7Wow+kms3iSHxCd1GJQX+owDSUhIGbkKT9dbdkDlb0//h+xLch/PaPClrGUoLi3oP1mJ1WvCR6f7afqLaFGIf5OuK9i6v9mAfMJ6IusDvoU1t26nIi6+l8B12UUwLDI78vDVPLAd17U5pU2YXZaBat8UZGItjPCHXzuxsbLYiNVBNJa0DRs3iZ45nPwZ/bOAG/vo+G32CYRCRbaiW1ax99IW4GhfAX/XI69IlyN7KYBUHG3kRXCldMXME1vjVPIw==
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Kamil Frankowicz <kamil.frankowicz@xxxxxxx>
- Delivery-date: Tue, 24 Mar 2026 16:27:57 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24/03/2026 4:24 pm, Mykola Kvach wrote:
> On Tue, Mar 24, 2026 at 5:27 PM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>> Shifting signed quantities has restrictions. Since the wrapping macro of
>> read_int() type-casts the result anyway, switch function return type as
>> well as the local variable to the corresponding unsigned type.
>>
>> Reported-by: Kamil Frankowicz <kamil.frankowicz@xxxxxxx>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> ---
>> We've inherited that code from Linux, and the same code still exists
>> there. As I'm entirely uncertain whether they would even care, I'd prefer
>> to not take the route of posting a patch against Linux first.
>>
>> --- a/xen/common/unlzma.c
>> +++ b/xen/common/unlzma.c
>> @@ -30,10 +30,10 @@
>>
>> #include "decompress.h"
>>
>> -static long long __init read_int(unsigned char *ptr, int size)
>> +static unsigned long long __init read_int(unsigned char *ptr, int size)
> nit: Since we're touching read_int() anyway, would it make sense to also
> tighten the helper's interface, i.e. make ptr const and use size_t for
> size?
No, not mixed into a patch which is fixing a real bug. Cleanup can come
later.
This code is vendored from Linux. For better or worse we try not to
deviate, although that is going to have to change at some point.
~Andrew
|
