|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 0/2] libfdt: eliminate UB pointer validation
The other day, in the context of what is now cf38b4926e2b ("xmalloc:
guard against integer overflow"), Andrew had suggested to look into
using gcc's __builtin_*_overflow(). The functions don't lend themselves
to be used there with the logic currently in place (albeit we may still
want to consider adjustments there), but I then went on to see whether
we have any other overflow checks wanting conversion. One thing I
noticed was that for unsigned integer arithmetic the compiler normally
does fine recognizing the intent without using the builtins. And while
I didn't to spot any signed integer overflow checks (which likely
would have been UB anyway), I did spot two in libfdt. After figuring
out where exactly that code was taken from, I spotted a fix for one of
the two in the upstream repo, and I submitted a fix for the other one
there first. Here are the backports thereof, as I don't myself want to
get into the business of bumping the libfdt version in our repo.
1: Fix undefined behaviour in fdt_offset_ptr()
2: fix undefined behaviour in _fdt_splice()
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |