This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h
- From: Will Newton <will dot newton at linaro dot org>
- To: Andreas Jaeger <aj at suse dot com>
- Cc: libc-alpha <libc-alpha at sourceware dot org>
- Date: Thu, 9 May 2013 15:53:15 +0100
- Subject: Re: [BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h
- References: <518BB745 dot 6090504 at suse dot com>
On 9 May 2013 15:48, Andreas Jaeger <aj@suse.com> wrote:
>
> From Bugzilla:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file sysdeps/unix/sysv/linux/bits/sched.h, the cpu set macros attempt to
> check for overflow of the cpu index, but fail to do so properly due to an
> integer overflow error. The condition:
>
> 147 __cpu < 8 * (setsize)
>
> overflows if setsize is greater than SIZE_MAX/8. The correct test would be:
>
> __cpu/8 < (setsize)
>
> which is valid since the low 3 bits of __cpu are irrelevant to whether the
> index overflows.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> I've fixed all three occurences of this problem.
>
> Ok to commit?
>
> Andreas
>
> 2013-05-09 Andreas Jaeger <aj@suse.de>
>
> [BZ #15448]
> * sysdeps/unix/sysv/linux/bits/sched.h (__CPU_SET_S)
> (__CPU_CLR_S, __CPU_ISSET_S): Avoid integer overflow.
>
> diff --git a/sysdeps/unix/sysv/linux/bits/sched.h b/sysdeps/unix/sysv/linux/bits/sched.h
> index 5e8057b..9513155 100644
> --- a/sysdeps/unix/sysv/linux/bits/sched.h
> +++ b/sysdeps/unix/sysv/linux/bits/sched.h
> @@ -144,21 +144,21 @@ typedef struct
> # define __CPU_SET_S(cpu, setsize, cpusetp) \
> (__extension__ \
> ({ size_t __cpu = (cpu); \
> - __cpu < 8 * (setsize) \
> + __cpu / 8 < (setsize) \
> ? (((__cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)] \
> |= __CPUMASK (__cpu)) \
> : 0; }))
> # define __CPU_CLR_S(cpu, setsize, cpusetp) \
> (__extension__ \
> ({ size_t __cpu = (cpu); \
> - __cpu < 8 * (setsize) \
> + __cpu /8 < (setsize) \
Should be a space before the 8?
--
Will Newton
Toolchain Working Group, Linaro