diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index f8b6f1460..24f34db81 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -108,8 +108,8 @@ jobs: # Test hat debug build works fine EXPLICIT_MAKE_VARS="DEBUG=1" elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then - sanitizers='-fsanitize=address,undefined' - EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS=" + sanitizers='-fsanitize=address,undefined -fsanitize-address-use-after-scope -fno-omit-frame-pointer' + EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS='dbus gui mcstrans restorecond semodule-utils'" echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV else diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 41cfbdca4..681b453ae 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -89,7 +89,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi -Werror -Wno-aggregate-return \ $(EXTRA_CFLAGS) -LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=libselinux.map,-z,defs,-z,relro +LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=libselinux.map,-z,relro ifeq ($(OS), Darwin) override CFLAGS += -I/opt/local/include diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile index d52599674..bc972b10c 100644 --- a/libsemanage/src/Makefile +++ b/libsemanage/src/Makefile @@ -90,7 +90,7 @@ $(LIBA): $(OBJS) $(RANLIB) $@ $(LIBSO): $(LOBJS) - $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION diff --git a/libsemanage/src/database.c b/libsemanage/src/database.c index fc4f7179f..0e8c6b02d 100644 --- a/libsemanage/src/database.c +++ b/libsemanage/src/database.c @@ -21,6 +21,7 @@ static int assert_init(semanage_handle_t * handle, dbase_config_t * dconfig) return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) static int enter_ro(semanage_handle_t * handle, dbase_config_t * dconfig) { @@ -58,6 +59,7 @@ static inline int exit_ro(semanage_handle_t * handle) return commit_num; } +__attribute__((no_sanitize("function"))) static int enter_rw(semanage_handle_t * handle, dbase_config_t * dconfig) { @@ -79,6 +81,7 @@ static int enter_rw(semanage_handle_t * handle, dbase_config_t * dconfig) return STATUS_ERR; } +__attribute__((no_sanitize("function"))) int dbase_modify(semanage_handle_t * handle, dbase_config_t * dconfig, const record_key_t * key, const record_t * data) @@ -93,6 +96,7 @@ int dbase_modify(semanage_handle_t * handle, return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) int dbase_set(semanage_handle_t * handle, dbase_config_t * dconfig, const record_key_t * key, const record_t * data) @@ -107,6 +111,7 @@ int dbase_set(semanage_handle_t * handle, return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) int dbase_del(semanage_handle_t * handle, dbase_config_t * dconfig, const record_key_t * key) { @@ -120,6 +125,7 @@ int dbase_del(semanage_handle_t * handle, return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) int dbase_query(semanage_handle_t * handle, dbase_config_t * dconfig, const record_key_t * key, record_t ** response) @@ -136,6 +142,7 @@ int dbase_query(semanage_handle_t * handle, return exit_ro(handle); } +__attribute__((no_sanitize("function"))) int dbase_exists(semanage_handle_t * handle, dbase_config_t * dconfig, const record_key_t * key, int *response) @@ -152,6 +159,7 @@ int dbase_exists(semanage_handle_t * handle, return exit_ro(handle); } +__attribute__((no_sanitize("function"))) int dbase_count(semanage_handle_t * handle, dbase_config_t * dconfig, unsigned int *response) { @@ -167,6 +175,7 @@ int dbase_count(semanage_handle_t * handle, return exit_ro(handle); } +__attribute__((no_sanitize("function"))) int dbase_iterate(semanage_handle_t * handle, dbase_config_t * dconfig, int (*fn) (const record_t * record, @@ -184,6 +193,7 @@ int dbase_iterate(semanage_handle_t * handle, return exit_ro(handle); } +__attribute__((no_sanitize("function"))) int dbase_list(semanage_handle_t * handle, dbase_config_t * dconfig, record_t *** records, unsigned int *count) diff --git a/libsemanage/src/database_activedb.c b/libsemanage/src/database_activedb.c index 1cce0b829..93337636f 100644 --- a/libsemanage/src/database_activedb.c +++ b/libsemanage/src/database_activedb.c @@ -139,6 +139,9 @@ int dbase_activedb_init(semanage_handle_t * handle, void dbase_activedb_release(dbase_activedb_t * dbase) { + if (!dbase) + return; + dbase_llist_drop_cache(&dbase->llist); free(dbase); } diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c index a51269e77..38bf5befc 100644 --- a/libsemanage/src/database_file.c +++ b/libsemanage/src/database_file.c @@ -37,6 +37,7 @@ struct dbase_file { record_file_table_t *rftable; }; +__attribute__((no_sanitize("function"))) static int dbase_file_cache(semanage_handle_t * handle, dbase_file_t * dbase) { @@ -191,6 +192,9 @@ int dbase_file_init(semanage_handle_t * handle, void dbase_file_release(dbase_file_t * dbase) { + if (!dbase) + return; + dbase_llist_drop_cache(&dbase->llist); free(dbase); } diff --git a/libsemanage/src/database_join.c b/libsemanage/src/database_join.c index a49a62265..af0b70e6b 100644 --- a/libsemanage/src/database_join.c +++ b/libsemanage/src/database_join.c @@ -34,6 +34,7 @@ struct dbase_join { record_join_table_t *rjtable; }; +__attribute__((no_sanitize("function"))) static int dbase_join_cache(semanage_handle_t * handle, dbase_join_t * dbase) { @@ -170,6 +171,7 @@ static int dbase_join_cache(semanage_handle_t * handle, dbase_join_t * dbase) } /* Flush database */ +__attribute__((no_sanitize("function"))) static int dbase_join_flush(semanage_handle_t * handle, dbase_join_t * dbase) { @@ -271,6 +273,9 @@ int dbase_join_init(semanage_handle_t * handle, void dbase_join_release(dbase_join_t * dbase) { + if (!dbase) + return; + dbase_llist_drop_cache(&dbase->llist); free(dbase); } diff --git a/libsemanage/src/database_llist.c b/libsemanage/src/database_llist.c index 240b2557b..bc8f20193 100644 --- a/libsemanage/src/database_llist.c +++ b/libsemanage/src/database_llist.c @@ -34,6 +34,7 @@ int dbase_llist_needs_resync(semanage_handle_t * handle, dbase_llist_t * dbase) } /* Helper for adding records to the cache */ +__attribute__((no_sanitize("function"))) int dbase_llist_cache_prepend(semanage_handle_t * handle, dbase_llist_t * dbase, const record_t * data) { @@ -67,6 +68,7 @@ int dbase_llist_cache_prepend(semanage_handle_t * handle, return STATUS_ERR; } +__attribute__((no_sanitize("function"))) void dbase_llist_drop_cache(dbase_llist_t * dbase) { @@ -99,6 +101,7 @@ int dbase_llist_set_serial(semanage_handle_t * handle, dbase_llist_t * dbase) } /* Helper for finding records in the cache */ +__attribute__((no_sanitize("function"))) static int dbase_llist_cache_locate(semanage_handle_t * handle, dbase_llist_t * dbase, const record_key_t * key, @@ -226,6 +229,7 @@ int dbase_llist_modify(semanage_handle_t * handle, return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) int dbase_llist_query(semanage_handle_t * handle, dbase_llist_t * dbase, const record_key_t * key, record_t ** response) @@ -248,6 +252,7 @@ int dbase_llist_query(semanage_handle_t * handle, return STATUS_ERR; } +__attribute__((no_sanitize("function"))) int dbase_llist_iterate(semanage_handle_t * handle, dbase_llist_t * dbase, int (*fn) (const record_t * record, @@ -274,6 +279,7 @@ int dbase_llist_iterate(semanage_handle_t * handle, return STATUS_ERR; } +__attribute__((no_sanitize("function"))) int dbase_llist_del(semanage_handle_t * handle __attribute__ ((unused)), dbase_llist_t * dbase, const record_key_t * key) { @@ -304,6 +310,7 @@ int dbase_llist_del(semanage_handle_t * handle __attribute__ ((unused)), return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) int dbase_llist_clear(semanage_handle_t * handle, dbase_llist_t * dbase) { @@ -331,6 +338,7 @@ int dbase_llist_clear(semanage_handle_t * handle, dbase_llist_t * dbase) return STATUS_SUCCESS; } +__attribute__((no_sanitize("function"))) int dbase_llist_list(semanage_handle_t * handle, dbase_llist_t * dbase, record_t *** records, unsigned int *count) diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c index 748a6ed69..70604237b 100644 --- a/libsemanage/src/database_policydb.c +++ b/libsemanage/src/database_policydb.c @@ -44,7 +44,7 @@ struct dbase_policydb { static void dbase_policydb_drop_cache(dbase_policydb_t * dbase) { - if (dbase->cache_serial >= 0) { + if (dbase && dbase->cache_serial >= 0) { sepol_policydb_free(dbase->policydb); dbase->cache_serial = -1; dbase->modified = 0; @@ -382,6 +382,7 @@ struct list_handler_arg { int pos; }; +__attribute__((no_sanitize("function"))) static int list_handler(const record_t * record, void *varg) { diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index d740070d5..f5a096e3a 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -321,6 +321,7 @@ int semanage_direct_connect(semanage_handle_t * sh) err: ERR(sh, "could not establish direct connection"); + (void) semanage_direct_disconnect(sh); return STATUS_ERR; } @@ -1140,6 +1141,7 @@ static int copy_file_if_exists(const char *src, const char *dst, mode_t mode){ /* Commits all changes in sandbox to the actual kernel policy. * Returns commit number on success, -1 on error. */ +__attribute__((no_sanitize("function"))) static int semanage_direct_commit(semanage_handle_t * sh) { char **mod_filenames = NULL; diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index b2201ee34..8f8ff8d5d 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c @@ -368,12 +368,11 @@ int semanage_access_check(semanage_handle_t * sh) int semanage_disconnect(semanage_handle_t * sh) { - assert(sh != NULL && sh->funcs != NULL - && sh->funcs->disconnect != NULL); + assert(sh != NULL); if (!sh->is_connected) { return 0; } - if (sh->funcs->disconnect(sh) < 0) { + if (sh->funcs && sh->funcs->disconnect(sh) < 0) { return -1; } sh->is_in_transaction = 0; diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c index fdbb8ad63..8d4db7626 100644 --- a/libsemanage/src/utilities.c +++ b/libsemanage/src/utilities.c @@ -254,7 +254,11 @@ char *semanage_str_replace(const char *search, const char *replace, return strdup(src); /* Allocate the result string */ - newsize = strlen(src) + 1 + count * (rlen - slen); + newsize = strlen(src) + 1; + if (rlen >= slen) + newsize += count * (rlen - slen); + else + newsize -= count * (slen - rlen); result = malloc(newsize); if (!result) return NULL; diff --git a/libsemanage/tests/test_bool.c b/libsemanage/tests/test_bool.c index 9356a1ae7..363007e58 100644 --- a/libsemanage/tests/test_bool.c +++ b/libsemanage/tests/test_bool.c @@ -603,7 +603,8 @@ static void test_bool_count(void) /* Function bool_iterate */ unsigned int counter_bool_iterate = 0; -static int handler_bool_iterate(const semanage_bool_t *record, void *varg) +static int handler_bool_iterate(__attribute__((unused)) const semanage_bool_t *record, + __attribute__((unused)) void *varg) { counter_bool_iterate++; return 0; @@ -859,7 +860,8 @@ static void test_bool_count_local(void) /* Function bool_iterate_local */ unsigned int counter_bool_iterate_local = 0; -static int handler_bool_iterate_local(const semanage_bool_t *record, void *varg) +static int handler_bool_iterate_local(__attribute__((unused)) const semanage_bool_t *record, + __attribute__((unused)) void *varg) { counter_bool_iterate_local++; return 0; diff --git a/libsemanage/tests/test_fcontext.c b/libsemanage/tests/test_fcontext.c index 8943d741d..555abf8fb 100644 --- a/libsemanage/tests/test_fcontext.c +++ b/libsemanage/tests/test_fcontext.c @@ -655,7 +655,8 @@ static void test_fcontext_count(void) /* Function semanage_fcontext_iterate */ unsigned int counter_fcontext_iterate = 0; -static int handler_fcontext_iterate(const semanage_fcontext_t *record, void *varg) +static int handler_fcontext_iterate(const semanage_fcontext_t *record, + __attribute__((unused)) void *varg) { CU_ASSERT_PTR_NOT_NULL(record); counter_fcontext_iterate++; @@ -937,7 +938,7 @@ static void test_fcontext_count_local(void) unsigned int counter_fcontext_iterate_local = 0; static int handler_fcontext_iterate_local(const semanage_fcontext_t *record, - void *varg) + __attribute__((unused)) void *varg) { CU_ASSERT_PTR_NOT_NULL(record); counter_fcontext_iterate_local++; diff --git a/libsemanage/tests/test_handle.c b/libsemanage/tests/test_handle.c index 00a6cb925..c1186dc8f 100644 --- a/libsemanage/tests/test_handle.c +++ b/libsemanage/tests/test_handle.c @@ -236,8 +236,9 @@ static void test_mls_enabled(void) /* Function semanage_set_callback */ int msg_set_callback_count = 0; -static void helper_msg_set_callback(void *varg, semanage_handle_t *handle, - const char *fmt, ...) +static void helper_msg_set_callback(__attribute__((unused)) void *varg, + __attribute__((unused)) semanage_handle_t *handle, + __attribute__((unused)) const char *fmt, ...) { msg_set_callback_count++; } @@ -316,6 +317,7 @@ static void helper_select_store(const char *name, enum semanage_connect_type typ cleanup_handle(SH_HANDLE); } +__attribute__((no_sanitize("implicit-integer-sign-change"))) static void test_select_store(void) { helper_select_store("asdf", SEMANAGE_CON_INVALID - 1, -1); diff --git a/libsemanage/tests/test_ibendport.c b/libsemanage/tests/test_ibendport.c index a6ce7a34a..81aece172 100644 --- a/libsemanage/tests/test_ibendport.c +++ b/libsemanage/tests/test_ibendport.c @@ -256,7 +256,7 @@ static void test_ibendport_count(void) /* Function semanage_ibendport_iterate */ unsigned int helper_ibendport_iterate_counter = 0; -static int helper_ibendport_iterate(const semanage_ibendport_t *ibendport, +static int helper_ibendport_iterate(__attribute__((unused)) const semanage_ibendport_t *ibendport, void *fn_arg) { CU_ASSERT(fn_arg == (void *) 42); @@ -264,7 +264,7 @@ static int helper_ibendport_iterate(const semanage_ibendport_t *ibendport, return 0; } -static int helper_ibendport_iterate_error(const semanage_ibendport_t *ibendport, +static int helper_ibendport_iterate_error(__attribute__((unused)) const semanage_ibendport_t *ibendport, void *fn_arg) { CU_ASSERT(fn_arg == (void *) 42); @@ -272,7 +272,7 @@ static int helper_ibendport_iterate_error(const semanage_ibendport_t *ibendport, return -1; } -static int helper_ibendport_iterate_break(const semanage_ibendport_t *ibendport, +static int helper_ibendport_iterate_break(__attribute__((unused)) const semanage_ibendport_t *ibendport, void *fn_arg) { CU_ASSERT(fn_arg == (void *) 42); @@ -441,7 +441,7 @@ static void test_ibendport_count_local(void) /* Function semanage_ibendport_iterate_local */ unsigned int helper_ibendport_iterate_local_counter = 0; -static int helper_ibendport_iterate_local(const semanage_ibendport_t *ibendport, +static int helper_ibendport_iterate_local(__attribute__((unused)) const semanage_ibendport_t *ibendport, void *fn_arg) { CU_ASSERT(fn_arg == (void *) 42); @@ -449,7 +449,7 @@ static int helper_ibendport_iterate_local(const semanage_ibendport_t *ibendport, return 0; } -static int helper_ibendport_iterate_local_error(const semanage_ibendport_t *ibendport, +static int helper_ibendport_iterate_local_error(__attribute__((unused)) const semanage_ibendport_t *ibendport, void *fn_arg) { CU_ASSERT(fn_arg == (void *) 42); @@ -457,7 +457,7 @@ static int helper_ibendport_iterate_local_error(const semanage_ibendport_t *iben return -1; } -static int helper_ibendport_iterate_local_break(const semanage_ibendport_t *ibendport, +static int helper_ibendport_iterate_local_break(__attribute__((unused)) const semanage_ibendport_t *ibendport, void *fn_arg) { CU_ASSERT(fn_arg == (void *) 42); diff --git a/libsemanage/tests/test_iface.c b/libsemanage/tests/test_iface.c index 2b84cb8eb..6f5663eb7 100644 --- a/libsemanage/tests/test_iface.c +++ b/libsemanage/tests/test_iface.c @@ -494,7 +494,8 @@ static void test_iface_count(void) unsigned int counter_iface_iterate = 0; -static int handler_iface_iterate(const semanage_iface_t *record, void *varg) +static int handler_iface_iterate(__attribute__((unused)) const semanage_iface_t *record, + __attribute__((unused)) void *varg) { counter_iface_iterate++; return 0; @@ -634,7 +635,8 @@ static void test_iface_count_local(void) /* Function semanage_iface_iterate_local */ unsigned int counter_iface_iterate_local = 0; -static int handler_iface_iterate_local(const semanage_iface_t *record, void *varg) +static int handler_iface_iterate_local(__attribute__((unused)) const semanage_iface_t *record, + __attribute__((unused)) void *varg) { counter_iface_iterate_local++; return 0; diff --git a/libsemanage/tests/test_node.c b/libsemanage/tests/test_node.c index 0db38d976..385cf2a0d 100644 --- a/libsemanage/tests/test_node.c +++ b/libsemanage/tests/test_node.c @@ -622,7 +622,8 @@ static void test_node_count(void) /* Function semanage_node_iterate */ unsigned int counter_node_iterate = 0; -static int handler_node_iterate(const semanage_node_t *record, void *varg) +static int handler_node_iterate(__attribute__((unused)) const semanage_node_t *record, + __attribute__((unused)) void *varg) { counter_node_iterate++; return 0; @@ -779,7 +780,8 @@ static void test_node_count_local(void) /* Function semanage_node_iterate_local */ unsigned int counter_node_iterate_local = 0; -static int handler_node_iterate_local(const semanage_node_t *record, void *varg) +static int handler_node_iterate_local(__attribute__((unused)) const semanage_node_t *record, + __attribute__((unused)) void *varg) { counter_node_iterate_local++; return 0; diff --git a/libsemanage/tests/test_other.c b/libsemanage/tests/test_other.c index 0a57e247f..8ddbe7537 100644 --- a/libsemanage/tests/test_other.c +++ b/libsemanage/tests/test_other.c @@ -116,7 +116,7 @@ void test_debug(void) CU_ASSERT(semanage_module_info_create(sh, &modinfo) >= 0); /* test */ - CU_ASSERT(semanage_module_info_set_priority(sh, modinfo, -42) < 0); + CU_ASSERT(semanage_module_info_set_priority(sh, modinfo, (uint16_t)-42) < 0); /* cleanup */ semanage_module_info_destroy(sh, modinfo); diff --git a/libsemanage/tests/test_port.c b/libsemanage/tests/test_port.c index e6393d783..3bf7b2d73 100644 --- a/libsemanage/tests/test_port.c +++ b/libsemanage/tests/test_port.c @@ -541,7 +541,8 @@ static void test_port_count(void) /* Function semanage_port_iterate */ unsigned int counter_port_iterate = 0; -static int handler_port_iterate(const semanage_port_t *record, void *varg) +static int handler_port_iterate(__attribute__((unused)) const semanage_port_t *record, + __attribute__((unused)) void *varg) { counter_port_iterate++; return 0; @@ -718,7 +719,8 @@ static void test_port_count_local(void) /* Function semanage_port_iterate_local */ unsigned int counter_port_iterate_local = 0; -static int handler_port_iterate_local(const semanage_port_t *record, void *varg) +static int handler_port_iterate_local(__attribute__((unused)) const semanage_port_t *record, + __attribute__((unused)) void *varg) { counter_port_iterate_local++; return 0; diff --git a/libsemanage/tests/test_user.c b/libsemanage/tests/test_user.c index b6fda51a0..f431a4fb7 100644 --- a/libsemanage/tests/test_user.c +++ b/libsemanage/tests/test_user.c @@ -517,7 +517,8 @@ static void test_user_count(void) /* Function semanage_user_iterate */ unsigned int counter_user_iterate = 0; -static int handler_user_iterate(const semanage_user_t *record, void *varg) +static int handler_user_iterate(__attribute__((unused)) const semanage_user_t *record, + __attribute__((unused)) void *varg) { counter_user_iterate++; return 0; @@ -650,7 +651,8 @@ static void test_user_count_local(void) /* Function semanage_user_iterate_local */ unsigned int counter_user_iterate_local = 0; -static int handler_user_iterate_local(const semanage_user_t *record, void *varg) +static int handler_user_iterate_local(__attribute__((unused)) const semanage_user_t *record, + __attribute__((unused)) void *varg) { counter_user_iterate_local++; return 0; diff --git a/libsemanage/tests/utilities.c b/libsemanage/tests/utilities.c index 806869e0a..911e25f17 100644 --- a/libsemanage/tests/utilities.c +++ b/libsemanage/tests/utilities.c @@ -31,7 +31,9 @@ semanage_handle_t *sh = NULL; /* Silence any error output caused by our tests * by using this dummy function to catch messages. */ -void test_msg_handler(void *varg, semanage_handle_t *handle, const char *fmt, +void test_msg_handler(__attribute__((unused)) void *varg, + __attribute__((unused)) semanage_handle_t *handle, + __attribute__((unused)) const char *fmt, ...) { } diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index 7b0e84460..fe18afd05 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -35,7 +35,7 @@ ifeq (yes,$(shell printf '${H}include \nint main(void){return realloca override CFLAGS += -DHAVE_REALLOCARRAY endif -LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs +LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=$(LIBMAP) LN=ln OS := $(shell uname) diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c index 7d890a8f0..ca6ac76fa 100644 --- a/libsepol/src/ebitmap.c +++ b/libsepol/src/ebitmap.c @@ -370,9 +370,9 @@ int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value) { ebitmap_node_t *n, *prev, *new; uint32_t startbit = bit & ~(MAPSIZE - 1); - uint32_t highbit = startbit + MAPSIZE; + uint32_t highbit; - if (highbit == 0) { + if (__builtin_add_overflow(startbit, MAPSIZE, &highbit)) { ERR(NULL, "bitmap overflow, bit 0x%x", bit); return -EINVAL; } @@ -440,13 +440,14 @@ int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value) return 0; } +ignore_unsigned_overflow_ int ebitmap_init_range(ebitmap_t * e, unsigned int minbit, unsigned int maxbit) { ebitmap_node_t *new = NULL, **prev; uint32_t minstartbit = minbit & ~(MAPSIZE - 1); uint32_t maxstartbit = maxbit & ~(MAPSIZE - 1); - uint32_t minhighbit = minstartbit + MAPSIZE; - uint32_t maxhighbit = maxstartbit + MAPSIZE; + uint32_t minhighbit; + uint32_t maxhighbit; uint32_t startbit; MAPTYPE mask; @@ -455,7 +456,8 @@ int ebitmap_init_range(ebitmap_t * e, unsigned int minbit, unsigned int maxbit) if (minbit > maxbit) return -EINVAL; - if (minhighbit == 0 || maxhighbit == 0) + if (__builtin_add_overflow(minstartbit, MAPSIZE, &minhighbit) || + __builtin_add_overflow(maxstartbit, MAPSIZE, &maxhighbit)) return -EOVERFLOW; prev = &e->node;