This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h
- From: Andreas Jaeger <aj at suse dot com>
- To: libc-alpha <libc-alpha at sourceware dot org>
- Date: Thu, 09 May 2013 16:48:37 +0200
- Subject: [BZ#15448] Fix integer overflow in sysdeps/unix/sysv/linux/bits/sched.h
>From Bugzilla:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file sysdeps/unix/sysv/linux/bits/sched.h, the cpu set macros attempt to
check for overflow of the cpu index, but fail to do so properly due to an
integer overflow error. The condition:
147 __cpu < 8 * (setsize)
overflows if setsize is greater than SIZE_MAX/8. The correct test would be:
__cpu/8 < (setsize)
which is valid since the low 3 bits of __cpu are irrelevant to whether the
index overflows.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've fixed all three occurences of this problem.
Ok to commit?
Andreas
2013-05-09 Andreas Jaeger <aj@suse.de>
[BZ #15448]
* sysdeps/unix/sysv/linux/bits/sched.h (__CPU_SET_S)
(__CPU_CLR_S, __CPU_ISSET_S): Avoid integer overflow.
diff --git a/sysdeps/unix/sysv/linux/bits/sched.h b/sysdeps/unix/sysv/linux/bits/sched.h
index 5e8057b..9513155 100644
--- a/sysdeps/unix/sysv/linux/bits/sched.h
+++ b/sysdeps/unix/sysv/linux/bits/sched.h
@@ -144,21 +144,21 @@ typedef struct
# define __CPU_SET_S(cpu, setsize, cpusetp) \
(__extension__ \
({ size_t __cpu = (cpu); \
- __cpu < 8 * (setsize) \
+ __cpu / 8 < (setsize) \
? (((__cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)] \
|= __CPUMASK (__cpu)) \
: 0; }))
# define __CPU_CLR_S(cpu, setsize, cpusetp) \
(__extension__ \
({ size_t __cpu = (cpu); \
- __cpu < 8 * (setsize) \
+ __cpu /8 < (setsize) \
? (((__cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)] \
&= ~__CPUMASK (__cpu)) \
: 0; }))
# define __CPU_ISSET_S(cpu, setsize, cpusetp) \
(__extension__ \
({ size_t __cpu = (cpu); \
- __cpu < 8 * (setsize) \
+ __cpu / 8 < (setsize) \
? ((((const __cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)] \
& __CPUMASK (__cpu))) != 0 \
: 0; }))
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126