libsepol: avoid unsigned integer overflow
Unsigned integer overflow is well-defined and not undefined behavior.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose.

Use a spaceship-operator-like comparison instead of subtraction.

Modern compilers will generate a single comparison instruction instead
of actually performing the subtraction.

policydb.c:826:17: runtime error: unsigned integer overflow: 24 - 1699 cannot be represented in type 'unsigned int'

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
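The commit message explains the replacement of an unsigned subtraction by a three-way comparison. The following added example (not code from the libsepol project, written for this page) puts both patterns side by side on a constructed stand-in for `filename_trans_key_t` with only the two fields the hunk compares, and shows the case the commit message quotes (24 vs 1699) as well as a case where the subtraction form gives a wrong sign outright, because the true difference exceeds INT_MAX. The struct name `trans_key`, the helper names and the sample keys are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for libsepol's filename_trans_key_t: only the two
 * fields compared in the patched hunk are modelled (assumption). */
typedef struct {
    uint32_t ttype;
    uint32_t tclass;
} trans_key;

/* Pre-patch pattern: subtract two unsigned values and store the result in
 * an int.  The subtraction wraps whenever a < b (this is what UBSan's
 * -fsanitize=unsigned-integer-overflow reports), the conversion of the
 * wrapped value to int is implementation-defined, and the sign is wrong
 * whenever the true difference does not fit in an int. */
static int cmp_by_subtraction(uint32_t a, uint32_t b)
{
    return (int)(a - b);
}

/* Post-patch pattern ("spaceship-like"): two comparisons, no arithmetic
 * that can wrap.  Always returns exactly -1, 0 or 1. */
static int cmp_three_way(uint32_t a, uint32_t b)
{
    return (a > b) - (a < b);
}

/* Lexicographic key comparison in the shape of the patched filenametr_cmp:
 * ttype first, then tclass. */
static int trans_key_cmp(const trans_key *k1, const trans_key *k2)
{
    int v = cmp_three_way(k1->ttype, k2->ttype);
    if (v)
        return v;
    return cmp_three_way(k1->tclass, k2->tclass);
}

/* qsort adapter around trans_key_cmp. */
static int trans_key_qsort_cmp(const void *p1, const void *p2)
{
    return trans_key_cmp(p1, p2);
}

/* Sorts a constructed array of keys with the three-way comparator and
 * returns 1 if the result is in nondecreasing order, 0 otherwise. */
static int sorted_demo(void)
{
    trans_key keys[] = {
        { 1699, 0 }, { 24, 9 }, { 24, 2 }, { 0x80000001u, 0 }, { 0, 0 }
    };
    size_t n = sizeof keys / sizeof keys[0];
    qsort(keys, n, sizeof keys[0], trans_key_qsort_cmp);
    for (size_t i = 1; i < n; i++)
        if (trans_key_cmp(&keys[i - 1], &keys[i]) > 0)
            return 0;
    return 1;
}

int main(void)
{
    /* The exact pair from the sanitizer report in the commit message. */
    printf("24 vs 1699: subtraction=%d three-way=%d\n",
           cmp_by_subtraction(24u, 1699u), cmp_three_way(24u, 1699u));
    /* Difference larger than INT_MAX: subtraction cannot be right here. */
    printf("0x80000001 vs 0: subtraction=%d three-way=%d\n",
           cmp_by_subtraction(0x80000001u, 0u), cmp_three_way(0x80000001u, 0u));
    printf("sorted: %s\n", sorted_demo() ? "yes" : "no");
    return 0;
}
```

Build with `-fsanitize=undefined -fsanitize=unsigned-integer-overflow` (clang) to see the first `printf` argument trip the same check quoted in the commit message, while `cmp_three_way` stays silent. The three-way form returns only -1, 0 or 1, so callers that chain comparisons with `if (v) return v;` behave exactly as before.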
cgzones authored and jwcart2 committed Jun 24, 2021
1 parent 42f3d7c commit 1537ea8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libsepol/src/policydb.c
Expand Up @@ -817,11 +817,11 @@ static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
int v;

v = ft1->ttype - ft2->ttype;
v = (ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype);
if (v)
return v;

v = ft1->tclass - ft2->tclass;
v = (ft1->tclass > ft2->tclass) - (ft1->tclass < ft2->tclass);
if (v)
return v;

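Review bot: the commit message undersells this change. The old `v = ft1->ttype - ft2->ttype;` did not just trip the sanitizer: it converted a wrapped unsigned difference to `int`, which is implementation-defined, and yields the wrong sign whenever the true difference between the two `ttype` (or `tclass`) values exceeds INT_MAX, so `(ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype)` is a correctness fix as well, and the message could say so. Since the same expression now appears twice in this hunk, consider a small static inline helper (or macro) returning -1/0/1 so the pattern is written once and the remaining `if (v) return v;` chain keeps a single, documented contract.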
