d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libc: fix undefined behavior from signed overflow in strstr and memmem

Browse Source 
unsigned char promotes to int, which can overflow when shifted left by
24 bits or more. this has been reported multiple times but then
forgotten. it's expected to be benign UB, but can trap when built with
explicit overflow catching (ubsan or similar). fix it now.

note that promotion to uint32_t is safe and portable even outside of
the assumptions usually made in musl, since either uint32_t has rank
at least unsigned int, so that no further default promotions happen,
or int is wide enough that the shift can't overflow. this is a
desirable property to have in case someone wants to reuse the code
elsewhere.

musl commit: 593caa456309714402ca4cb77c3770f4c24da9da

Obtained from:	musl
This commit is contained in:
Ed Maste 2020-11-19 00:03:15 +00:00
parent 7dbcd06e63
commit 33482dae89
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/libc/string/memmem.c
View File

@ -41,8 +41,8 @@ twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
static char *
threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8;
uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8;
uint32_t nw = (uint32_t)n[0] << 24 | n[1] << 16 | n[2] << 8;
uint32_t hw = (uint32_t)h[0] << 24 | h[1] << 16 | h[2] << 8;
for (h += 3, k -= 3; k; k--, hw = (hw | *h++) << 8)
if (hw == nw)
return (char *)h - 3;
@ -52,8 +52,8 @@ threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
static char *
fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3];
uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3];
uint32_t nw = (uint32_t)n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3];
uint32_t hw = (uint32_t)h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3];
for (h += 4, k -= 4; k; k--, hw = hw << 8 | *h++)
if (hw == nw)
return (char *)h - 4;

8
lib/libc/string/strstr.c
View File

@ -40,8 +40,8 @@ twobyte_strstr(const unsigned char *h, const unsigned char *n)
static char *
threebyte_strstr(const unsigned char *h, const unsigned char *n)
{
uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8;
uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8;
uint32_t nw = (uint32_t)n[0] << 24 | n[1] << 16 | n[2] << 8;
uint32_t hw = (uint32_t)h[0] << 24 | h[1] << 16 | h[2] << 8;
for (h += 2; *h && hw != nw; hw = (hw | *++h) << 8)
;
return *h ? (char *)h - 2 : 0;
@ -50,8 +50,8 @@ threebyte_strstr(const unsigned char *h, const unsigned char *n)
static char *
fourbyte_strstr(const unsigned char *h, const unsigned char *n)
{
uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3];
uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3];
uint32_t nw = (uint32_t)n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3];
uint32_t hw = (uint32_t)h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3];
for (h += 3; *h && hw != nw; hw = hw << 8 | *++h)
;
return *h ? (char *)h - 3 : 0;