Date:      Sat, 7 Jul 2018 19:11:43 +0000 (UTC)
From:      Kirk McKusick <mckusick@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r336074 - head/sys/ufs/ffs
Message-ID:  <201807071911.w67JBhtV008101@repo.freebsd.org>

Author: mckusick
Date: Sat Jul  7 19:11:43 2018
New Revision: 336074
URL: https://svnweb.freebsd.org/changeset/base/336074

Log:
  Import commit from NetBSD with checkin message:
  
      Avoid Undefined Behavior in ffs_clusteracct()
  
      Change the type of 'bit' variable from int to unsigned int and use unsigned
      values consistently.
  
      sys/ufs/ffs/ffs_subr.c:336:10, shift exponent -1 is negative
  
      Detected with Kernel Undefined Behavior Sanitizer.
  
      Reported by <Harry Pantazis>
  
  Submitted by: Pedro Giffuni

Modified:
  head/sys/ufs/ffs/ffs_subr.c

Modified: head/sys/ufs/ffs/ffs_subr.c
==============================================================================
--- head/sys/ufs/ffs/ffs_subr.c	Sat Jul  7 19:10:00 2018	(r336073)
+++ head/sys/ufs/ffs/ffs_subr.c	Sat Jul  7 19:11:43 2018	(r336074)
@@ -473,7 +473,8 @@ ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_da
 	int32_t *sump;
 	int32_t *lp;
 	u_char *freemapp, *mapp;
-	int i, start, end, forw, back, map, bit;
+	int i, start, end, forw, back, map;
+	u_int bit;
 
 	if (fs->fs_contigsumsize <= 0)
 		return;
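Review bot: `map` stays a signed `int` in the split declaration while `bit` becomes `u_int`, so the `(map & bit) == 0` tests further down now mix signed and unsigned operands. Since `map` is only loaded from the `u_char` free map through `*mapp`, declaring it unsigned as well would match the log's "use unsigned values consistently" and would not rely on the implicit conversion in those comparisons.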
@@ -495,7 +496,7 @@ ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_da
 		end = cgp->cg_nclusterblks;
 	mapp = &freemapp[start / NBBY];
 	map = *mapp++;
-	bit = 1 << (start % NBBY);
+	bit = 1U << (start % NBBY);
 	for (i = start; i < end; i++) {
 		if ((map & bit) == 0)
 			break;
@@ -516,7 +517,7 @@ ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_da
 		end = -1;
 	mapp = &freemapp[start / NBBY];
 	map = *mapp--;
-	bit = 1 << (start % NBBY);
+	bit = 1U << (start % NBBY);
 	for (i = start; i > end; i--) {
 		if ((map & bit) == 0)
 			break;
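Review bot: the exponent in `bit = 1U << (start % NBBY);` is still computed from the signed `start`, so making the left operand unsigned does not by itself address the "shift exponent -1 is negative" report quoted in the log. In this backward scan the lower bound is `end = -1`, and nothing in the visible context keeps `start` from being -1 when the shift is evaluated ahead of the loop; in that case `start % NBBY` is -1 and `freemapp[start / NBBY]` is read even though `for (i = start; i > end; i--)` would not execute. Consider skipping the setup when `start < 0`, or asserting `start >= 0` before the shift.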
@@ -524,7 +525,7 @@ ffs_clusteracct(struct fs *fs, struct cg *cgp, ufs1_da
 			bit >>= 1;
 		} else {
 			map = *mapp--;
-			bit = 1 << (NBBY - 1);
+			bit = 1U << (NBBY - 1);
 		}
 	}
 	back = start - i;