From 83310a08a2bc52b6e8c3a3e3216b4e723e58c961 Mon Sep 17 00:00:00 2001
From: Martin Liska
Date: Fri, 12 Nov 2021 14:50:57 +0100
Subject: [PATCH] libbacktrace: fix UBSAN issues
Fix issues mentioned in the PR.
PR libbacktrace/103167
libbacktrace/ChangeLog:
* elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
(elf_uncompress_lzma): Likewise.
* xztest.c (test_samples): memcpy only if v > 0.
---
 libbacktrace/elf.c | 32 ++++++++++++++++----------------
 libbacktrace/xztest.c | 2 +-
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index 79d56146fc6..8b87b2dd6b9 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -3172,10 +3172,10 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
 /* Block header CRC. */
 computed_crc = elf_crc32 (0, compressed + block_header_offset,
 block_header_size - 4);
- stream_crc = (compressed[off]
- | (compressed[off + 1] << 8)
- | (compressed[off + 2] << 16)
- | (compressed[off + 3] << 24));
+ stream_crc = ((uint32_t)compressed[off]
+ | ((uint32_t)compressed[off + 1] << 8)
+ | ((uint32_t)compressed[off + 2] << 16)
+ | ((uint32_t)compressed[off + 3] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
@@ -3785,10 +3785,10 @@ elf_uncompress_lzma (struct backtrace_state *state,
 /* Next comes a CRC of the stream flags. */
 computed_crc = elf_crc32 (0, compressed + 6, 2);
- stream_crc = (compressed[8]
- | (compressed[9] << 8)
- | (compressed[10] << 16)
- | (compressed[11] << 24));
+ stream_crc = ((uint32_t)compressed[8]
+ | ((uint32_t)compressed[9] << 8)
+ | ((uint32_t)compressed[10] << 16)
+ | ((uint32_t)compressed[11] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
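Review bot: The little-endian 32-bit load in `elf_uncompress_lzma_block` is still written out by hand, and the same four-line expression is patched again in the three `elf_uncompress_lzma` hunks (stream-flags CRC, footer CRC, index CRC). One static helper would keep the unsigned widening in a single place, so a later copy of the pattern cannot reintroduce the signed `<< 24` on a byte promoted to `int`. The new casts also omit the space GNU style places after a cast (`(uint32_t) compressed[off]`). Whether `off + 3` is already bounded against the input length cannot be seen here, since both functions start and end outside their hunks.

```c
/* Read a 32-bit little-endian value, widening each byte to uint32_t
   before it is shifted.  (Helper name is a suggestion.)  */
static uint32_t
elf_lzma_le32 (const unsigned char *p)
{
  return ((uint32_t) p[0]
          | ((uint32_t) p[1] << 8)
          | ((uint32_t) p[2] << 16)
          | ((uint32_t) p[3] << 24));
}

/* … unchanged: block header CRC computation … */
  stream_crc = elf_lzma_le32 (compressed + off);
```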
@@ -3829,10 +3829,10 @@ elf_uncompress_lzma (struct backtrace_state *state,
 /* Before that is a footer CRC. */
 computed_crc = elf_crc32 (0, compressed + offset, 6);
- stream_crc = (compressed[offset - 4]
- | (compressed[offset - 3] << 8)
- | (compressed[offset - 2] << 16)
- | (compressed[offset - 1] << 24));
+ stream_crc = ((uint32_t)compressed[offset - 4]
+ | ((uint32_t)compressed[offset - 3] << 8)
+ | ((uint32_t)compressed[offset - 2] << 16)
+ | ((uint32_t)compressed[offset - 1] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
@@ -3888,10 +3888,10 @@ elf_uncompress_lzma (struct backtrace_state *state,
 /* Next is a CRC of the index. */
 computed_crc = elf_crc32 (0, compressed + index_offset,
 offset - index_offset);
- stream_crc = (compressed[offset]
- | (compressed[offset + 1] << 8)
- | (compressed[offset + 2] << 16)
- | (compressed[offset + 3] << 24));
+ stream_crc = ((uint32_t)compressed[offset]
+ | ((uint32_t)compressed[offset + 1] << 8)
+ | ((uint32_t)compressed[offset + 2] << 16)
+ | ((uint32_t)compressed[offset + 3] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
diff --git a/libbacktrace/xztest.c b/libbacktrace/xztest.c
index b2533cb1804..6c60ff50159 100644
--- a/libbacktrace/xztest.c
+++ b/libbacktrace/xztest.c
@@ -172,7 +172,7 @@ test_samples (struct backtrace_state *state)
 tests[i].name, uncompressed_len, v);
 ++failures;
 }
- else if (memcmp (tests[i].uncompressed, uncompressed, v) != 0)
+ else if (v > 0 && memcmp (tests[i].uncompressed, uncompressed, v) != 0)
 {
 size_t j;
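Review bot: The new `v > 0 &&` guard in `test_samples` (xztest.c) carries no comment saying why a zero-length comparison is skipped, and the ChangeLog entry names `memcpy` although the guarded call is `memcmp`. I would add `/* Skip memcmp for an empty result: a null pointer argument is undefined even with length 0.  */` above the `else if`, assuming the UBSAN report was about a null buffer; the hunk does not show which argument was null. `test_samples` starts and ends outside the hunk.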