Rebase on upstream commit 32611aea6543 See $ cd SELinuxProject/selinux $ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol
From 09405ba91c40e4e08f2212c946a432fa001d04bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 1 Jul 2021 20:06:22 +0200
Subject: [PATCH] libsepol: ignore UBSAN false-positives
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Unsigned integer overflow is well-defined and not undefined behavior.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose.
Annotate functions, in which unsigned overflows are expected to happen,
with the respective Clang function attribute[1].
GCC does not support sanitizing unsigned integer arithmetic[2].
avtab.c:76:2: runtime error: unsigned integer overflow: 6 * 3432918353 cannot be represented in type 'unsigned int'
policydb.c:795:42: runtime error: unsigned integer overflow: 8160943042179512010 * 11 cannot be represented in type 'unsigned long'
symtab.c:25:12: runtime error: left shift of 1766601759 by 4 places cannot be represented in type 'unsigned int'
[1]: https://clang.llvm.org/docs/AttributeReference.html#no-sanitize
[2]: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/avtab.c | 1 +
libsepol/src/policydb.c | 1 +
libsepol/src/private.h | 11 +++++++++++
libsepol/src/symtab.c | 4 ++++
4 files changed, 17 insertions(+)
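diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 5e16a0e9899e..93505b20e4c0 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -52,6 +52,7 @@
 /* Based on MurmurHash3, written by Austin Appleby and placed in the
 * public domain.
 */
+ignore_unsigned_overflow_
 static inline int avtab_hash(struct avtab_key *keyp, uint32_t mask)
 {
 static const uint32_t c1 = 0xcc9e2d51;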
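Review bot: The new `ignore_unsigned_overflow_` line above `avtab_hash` has no comment saying that the wrap-around in the hash mixing is intended, so a later reader cannot tell a deliberate exemption from a silenced sanitizer finding; the same holds for `partial_name_hash` in policydb.c and `symhash` in symtab.c. I would add one line above each annotation, for example `/* Hash mixing relies on unsigned wrap-around; exempted from UBSAN unsigned checks on purpose. */`. The bodies of all three functions continue outside their hunks, so whether they contain other unsigned arithmetic that should stay instrumented cannot be judged from here.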
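diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 0398ceed2574..7093d9b7028a 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -789,6 +789,7 @@ static int roles_init(policydb_t * p)
 goto out;
 }
 
+ignore_unsigned_overflow_
 static inline unsigned long
 partial_name_hash(unsigned long c, unsigned long prevhash)
 {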
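diff --git a/libsepol/src/private.h b/libsepol/src/private.h
index c63238abe5f3..71287282fbc0 100644
--- a/libsepol/src/private.h
+++ b/libsepol/src/private.h
@@ -49,6 +49,17 @@
 
 #define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
 
+/* Use to ignore intentional unsigned under- and overflows while running under UBSAN. */
+#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
+#if (__clang_major__ >= 12)
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow", "unsigned-shift-base")))
+#else
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#else
+#define ignore_unsigned_overflow_
+#endif
+
 /* Policy compatibility information. */
 struct policydb_compat_info {
 unsigned int type;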
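Review bot: The comment on `ignore_unsigned_overflow_` does not say that `no_sanitize` applies to the whole annotated function, so every unsigned operation in that function loses UBSAN coverage, including an unintended wrap added later. I would extend it to `/* Use to ignore intentional unsigned under- and overflows while running under UBSAN. Disables the check for the entire function: annotate only small hash helpers. */`. Separately, the inner `__clang_major__ >= 12` test assumes upstream version numbers; vendor Clang builds may number releases differently, so a compiler reporting 12 could presumably still not know `"unsigned-shift-base"` and emit an unknown-sanitizer warning, which matters for builds that treat warnings as errors.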
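diff --git a/libsepol/src/symtab.c b/libsepol/src/symtab.c
index 9a417ca24b53..a60618510bd3 100644
--- a/libsepol/src/symtab.c
+++ b/libsepol/src/symtab.c
@@ -8,9 +8,13 @@
 */
 
 #include <string.h>
+
+#include "private.h"
+
 #include <sepol/policydb/hashtab.h>
 #include <sepol/policydb/symtab.h>
 
+ignore_unsigned_overflow_
 static unsigned int symhash(hashtab_t h, const_hashtab_key_t key)
 {
 const char *p, *keyp;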
--
2.32.0