From 5aa92540f0d1568a07c0437ed9a41c4c5b6dd779 Mon Sep 17 00:00:00 2001
From: Martin Liska
Date: Fri, 12 Nov 2021 14:50:57 +0100
Subject: [PATCH] libbacktrace: fix UBSAN issues
Fix issues mentioned in the PR.
PR libbacktrace/103167
libbacktrace/ChangeLog:
* elf.c (elf_uncompress_lzma_block): Cast to unsigned int.
(elf_uncompress_lzma): Likewise.
* xztest.c (test_samples): memcpy only if v > 0.
---
 elf.c | 32 ++++++++++++++++----------------
 xztest.c | 2 +-
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/elf.c b/elf.c
index daef6dd..e6a66c0 100644
--- a/elf.c
+++ b/elf.c
@@ -5687,10 +5687,10 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
 /* Block header CRC. */
 computed_crc = elf_crc32 (0, compressed + block_header_offset,
 block_header_size - 4);
- stream_crc = (compressed[off]
- | (compressed[off + 1] << 8)
- | (compressed[off + 2] << 16)
- | (compressed[off + 3] << 24));
+ stream_crc = ((uint32_t)compressed[off]
+ | ((uint32_t)compressed[off + 1] << 8)
+ | ((uint32_t)compressed[off + 2] << 16)
+ | ((uint32_t)compressed[off + 3] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
@@ -6300,10 +6300,10 @@ elf_uncompress_lzma (struct backtrace_state *state,
 /* Next comes a CRC of the stream flags. */
 computed_crc = elf_crc32 (0, compressed + 6, 2);
- stream_crc = (compressed[8]
- | (compressed[9] << 8)
- | (compressed[10] << 16)
- | (compressed[11] << 24));
+ stream_crc = ((uint32_t)compressed[8]
+ | ((uint32_t)compressed[9] << 8)
+ | ((uint32_t)compressed[10] << 16)
+ | ((uint32_t)compressed[11] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
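Review bot: The little-endian CRC read in elf_uncompress_lzma_block (`stream_crc = ((uint32_t)compressed[off] | …`) is now the first of four hand-written copies of the same cast-and-shift expression; the other three are the stream-flags, footer and index CRC reads in elf_uncompress_lzma. Each `unsigned char` operand promotes to `int`, so any one copy that loses its cast brings back the signed `<< 24` overflow for bytes of 0x80 and above, and these bytes come straight from the compressed section being parsed. I would move the expression into one small static helper with a comment saying why the casts are there, and call it from all four sites. Both function bodies continue outside the hunks, so whether each index is checked against the compressed length before the read cannot be confirmed from here.

```c
/* Read a 32-bit little-endian value.  The casts matter: unsigned char
   promotes to int, and shifting a byte >= 0x80 left by 24 overflows it.  */

static uint32_t
elf_lzma_read_le32 (const unsigned char *p)
{
  return ((uint32_t) p[0]
	  | ((uint32_t) p[1] << 8)
	  | ((uint32_t) p[2] << 16)
	  | ((uint32_t) p[3] << 24));
}

/* … unchanged: block header CRC computation … */
  stream_crc = elf_lzma_read_le32 (compressed + off);
```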
@@ -6344,10 +6344,10 @@ elf_uncompress_lzma (struct backtrace_state *state,
 /* Before that is a footer CRC. */
 computed_crc = elf_crc32 (0, compressed + offset, 6);
- stream_crc = (compressed[offset - 4]
- | (compressed[offset - 3] << 8)
- | (compressed[offset - 2] << 16)
- | (compressed[offset - 1] << 24));
+ stream_crc = ((uint32_t)compressed[offset - 4]
+ | ((uint32_t)compressed[offset - 3] << 8)
+ | ((uint32_t)compressed[offset - 2] << 16)
+ | ((uint32_t)compressed[offset - 1] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
@@ -6403,10 +6403,10 @@ elf_uncompress_lzma (struct backtrace_state *state,
 /* Next is a CRC of the index. */
 computed_crc = elf_crc32 (0, compressed + index_offset,
 offset - index_offset);
- stream_crc = (compressed[offset]
- | (compressed[offset + 1] << 8)
- | (compressed[offset + 2] << 16)
- | (compressed[offset + 3] << 24));
+ stream_crc = ((uint32_t)compressed[offset]
+ | ((uint32_t)compressed[offset + 1] << 8)
+ | ((uint32_t)compressed[offset + 2] << 16)
+ | ((uint32_t)compressed[offset + 3] << 24));
 if (unlikely (computed_crc != stream_crc))
 {
 elf_uncompress_failed ();
diff --git a/xztest.c b/xztest.c
index 2a3b9dd..5b3b811 100644
--- a/xztest.c
+++ b/xztest.c
@@ -172,7 +172,7 @@ test_samples (struct backtrace_state *state)
 tests[i].name, uncompressed_len, v);
 ++failures;
 }
- else if (memcmp (tests[i].uncompressed, uncompressed, v) != 0)
+ else if (v > 0 && memcmp (tests[i].uncompressed, uncompressed, v) != 0)
 {
 size_t j;
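Review bot: The new `v > 0 &&` guard in test_samples has no comment saying what it protects against, and the ChangeLog line names memcpy while the guarded call is memcmp. Presumably one of the two buffers can be a null pointer when a sample is empty, which is undefined for memcmp even with a length of zero. A one-line comment above the `else if`, such as `/* memcmp on a null pointer is undefined even when v is 0.  */`, would keep the guard from later being removed as redundant. test_samples starts before and continues after this hunk.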