[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Fix implicit signed to unsigned conversion in PVM_VAL_BOX
|
From: |
Jose E. Marchesi |
|
Subject: |
Re: [PATCH] Fix implicit signed to unsigned conversion in PVM_VAL_BOX |
|
Date: |
Sat, 11 Apr 2020 09:14:13 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
Hi Tim.
Found by libFuzzer:
pvm-program.c:74:11: runtime error: implicit conversion from type 'int' of
value -8 (32-bit, signed) to type 'unsigned long' changed the value to
18446744073709551608 (64-bit, unsigned)
2020-04-10 Tim Rühsen <address@hidden>
* lib/pvm.h (PVM_VAL_BOX): Fix implicit signed
to unsigned conversion.
---
ChangeLog | 5 +++++
lib/pvm.h | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/pvm.h b/lib/pvm.h
index 3fbb513b..e1a06d65 100644
--- a/lib/pvm.h
+++ b/lib/pvm.h
@@ -143,7 +143,7 @@ pvm_val pvm_make_ulong (uint64_t value, int size);
all pointers are aligned to 8 bytes. The allocator for the boxed
values makes sure this is always the case. */
-#define PVM_VAL_BOX(V) ((pvm_val_box) ((((uintptr_t) V) & ~0x7)))
+#define PVM_VAL_BOX(V) ((pvm_val_box) ((((uintptr_t) V) & ~0x7U)))
/* This constructor should be used in order to build boxes. */
I just reverted this commit, as it broke master badly.
The operation above actually depends on ~0x7 to be sign-extended to
whatever size uintptr_t is.
Does this pacify your fuzzer?:
#define PVM_VAL_BOX(V) ((pvm_val_box) ((((uintptr_t) V)
& ~((uintptr_t)0x7U))))