
[Xen-devel] [PATCH 0/2] libfdt: eliminate UB pointer validation

The other day, in the context of what is now cf38b4926e2b ("xmalloc:
guard against integer overflow"), Andrew had suggested to look into
using gcc's __builtin_*_overflow(). The functions don't lend themselves
to be used there with the logic currently in place (albeit we may still
want to consider adjustments there), but I then went on to see whether
we have any other overflow checks wanting conversion. One thing I
noticed was that for unsigned integer arithmetic the compiler normally
does fine recognizing the intent without using the builtins. And while
I didn't spot any signed integer overflow checks (which likely
would have been UB anyway), I did spot two in libfdt. After figuring
out where exactly that code was taken from, I spotted a fix for one of
the two in the upstream repo, and I submitted a fix for the other one
there first. Here are the backports thereof, as I don't myself want to
get into the business of bumping the libfdt version in our repo.

1: Fix undefined behaviour in fdt_offset_ptr()
2: fix undefined behaviour in _fdt_splice()
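
An added illustration, not part of the original mail and not the libfdt patches themselves: a pointer-based range check that relies on undefined behaviour, beside integer-based checks the compiler cannot discard. All function names are hypothetical, and the buffer in main() is constructed sample input.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* UB pattern, shown for contrast and never called here: base + offset may
 * point outside the object, and the compiler may assume "p + len < p" is
 * always false and drop the check. */
bool range_ok_ub(const char *base, size_t size, size_t offset, size_t len)
{
    const char *p = base + offset;
    return !(p + len < p) && p + len <= base + size;
}

/* Unsigned integers wrap with defined behaviour, so this check is valid. */
bool range_ok_unsigned(size_t size, size_t offset, size_t len)
{
    size_t end = offset + len;
    return end >= offset && end <= size;
}

/* Signed addition must not overflow at all; the gcc/clang builtin reports it. */
bool range_ok_signed(int size, int offset, int len)
{
    int end;
    if (offset < 0 || len < 0 || __builtin_add_overflow(offset, len, &end))
        return false;
    return end <= size;
}

/* Form the pointer only after the integer range has been validated. */
const void *checked_ptr(const void *base, size_t size, size_t offset, size_t len)
{
    if (!range_ok_unsigned(size, offset, len))
        return NULL;
    return (const char *)base + offset;
}

int main(void)
{
    char buf[16] = { 0 };  /* constructed sample buffer */
    printf("in range:  %d\n", checked_ptr(buf, sizeof(buf), 4, 8) != NULL);
    printf("too long:  %d\n", checked_ptr(buf, sizeof(buf), 12, 8) != NULL);
    printf("wrapping:  %d\n", checked_ptr(buf, sizeof(buf), 8, SIZE_MAX) != NULL);
    printf("int wrap:  %d\n", range_ok_signed(16, 8, INT_MAX));
    return 0;
}
```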

