This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h

From: Andreas Jaeger <aj at suse dot com>
To: libc-alpha <libc-alpha at sourceware dot org>
Date: Thu, 09 May 2013 16:48:37 +0200
Subject: [BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h

>From Bugzilla:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file sysdeps/unix/sysv/linux/bits/sched.h, the cpu set macros attempt to
check for overflow of the cpu index, but fail to do so properly due to an
integer overflow error. The condition:

 147       __cpu < 8 * (setsize)

overflows if setsize is greater than SIZE_MAX/8. The correct test would be:

           __cpu/8 < (setsize)

which is valid since the low 3 bits of __cpu are irrelevant to whether the
index overflows.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I've fixed all three occurences of this problem.

Ok to commit?

Andreas

2013-05-09  Andreas Jaeger  <aj@suse.de>

	[BZ #15448]
	* sysdeps/unix/sysv/linux/bits/sched.h (__CPU_SET_S)
	(__CPU_CLR_S, __CPU_ISSET_S): Avoid integer overflow.

diff --git a/sysdeps/unix/sysv/linux/bits/sched.h b/sysdeps/unix/sysv/linux/bits/sched.h
index 5e8057b..9513155 100644
--- a/sysdeps/unix/sysv/linux/bits/sched.h
+++ b/sysdeps/unix/sysv/linux/bits/sched.h
@@ -144,21 +144,21 @@ typedef struct
 # define __CPU_SET_S(cpu, setsize, cpusetp) \
   (__extension__							      \
    ({ size_t __cpu = (cpu);						      \
-      __cpu < 8 * (setsize)						      \
+      __cpu / 8 < (setsize)						      \
       ? (((__cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)]		      \
 	 |= __CPUMASK (__cpu))						      \
       : 0; }))
 # define __CPU_CLR_S(cpu, setsize, cpusetp) \
   (__extension__							      \
    ({ size_t __cpu = (cpu);						      \
-      __cpu < 8 * (setsize)						      \
+      __cpu /8 < (setsize)						      \
       ? (((__cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)]		      \
 	 &= ~__CPUMASK (__cpu))						      \
       : 0; }))
 # define __CPU_ISSET_S(cpu, setsize, cpusetp) \
   (__extension__							      \
    ({ size_t __cpu = (cpu);						      \
-      __cpu < 8 * (setsize)						      \
+      __cpu / 8 < (setsize)						      \
       ? ((((const __cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)]	      \
 	  & __CPUMASK (__cpu))) != 0					      \
       : 0; }))

-- 
 Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
  SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
   GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126

Follow-Ups:
- Re: [BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h
  - From: Will Newton
- Re: [BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h
  - From: Roland McGrath

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]