-
Notifications
You must be signed in to change notification settings - Fork 842
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ubsan fixes for various tcpdump printers #1012
base: master
Are you sure you want to change the base?
Commits on Feb 2, 2023
-
Bgp: Fix an undefined behavior when it tries to parse a too-short packet
It's not enough for the *packet* to be able to contain the RD; the route data also has to be long enough; otherwise, we will try to shift a negative length left in order to pass it to bgp_vpn_ip_print() print-bgp.c:1848:9: runtime error: left shift of negative value -8 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-bgp.c:1848:9 in
Configuration menu - View commit details
-
Copy full SHA for 3ffcbd8 - Browse repository at this point
Copy the full SHA 3ffcbd8View commit details -
ISO: avoid undefined behavior and integer overflow in the fletcher ch…
…ecksum calculation The fletcher checksum calculation would sometimes left-shift a negative number, which is an undefined operation. Rework the code to avoid this. checksum.c:186:20: runtime error: left shift of negative value -36 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior checksum.c:186:20 in Unlike some checksum routines that use the defined semantics of 2's-complement unsigned overflow to their advantage, this one gets the wrong value if it is allowed to overflow, due to the use of mod-255. Convert c1 to uint64_t to avoid overflow checksum.c:163:16: runtime error: unsigned integer overflow: NNN + NNN cannot be represented in type 'unsigned int' Use integers during subtraction to avoid implicit conversion to unsigned when calculating both x and y checksum.c:172:18: runtime error: unsigned integer overflow: NNN - NNN cannot be represented in type 'unsigned int' checksum.c:172:9: runtime error: implicit conversion from type 'unsigned int' of value NNN (32-bit, unsigned) to type 'int' changed the value to -NNN (32-bit, signed) checksum.c:173:12: runtime error: unsigned integer overflow: NNN - NNN cannot be represented in type 'unsigned int' checksum.c:173:9: runtime error: implicit conversion from type 'unsigned int' of value NNN (32-bit, unsigned) to type 'int' changed the value to -NNN (32-bit, signed)
Configuration menu - View commit details
-
Copy full SHA for fb52e16 - Browse repository at this point
Copy the full SHA fb52e16View commit details -
snmp: avoid two undefined behaviors
When converting an integer from ASN.1, use an unsigned value for the partial result and assign it to the integer part of the union at the end, to avoid shifting a negative number left. print-snmp.c:545:19: runtime error: left shift of negative value -1 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-snmp.c:545:19 in OID elements are unsigned; a large-enough oid value could result in the undefined behavior of shifting a signed integer left through the sign bit, so simply store them as unsigned. print-snmp.c:769:11: runtime error: left shift of 268435455 by 7 places cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-snmp.c:769:11 in
Configuration menu - View commit details
-
Copy full SHA for a0cf025 - Browse repository at this point
Copy the full SHA a0cf025View commit details -
lwres: avoid undefined behavior in pointer arithmetic
Check for truncation before doing pointer arithmetic to point to the end of the packet. print-lwres.c:294:10: runtime error: addition of unsigned offset to 0xf3b032be overflowed to 0x9652d560 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-lwres.c:294:10 in print-lwres.c:549:29: runtime error: addition of unsigned offset to 0xf3b032be overflowed to 0x9652d560 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-lwres.c:549:29 in
Configuration menu - View commit details
-
Copy full SHA for 2586d0a - Browse repository at this point
Copy the full SHA 2586d0aView commit details -
OSPF6: Eliminate undefined behavior
Handle ls_length shorter than sizeof(lsa_hdr) in the same way as OSPF. Use a u_int32 to hold a loop variable initialized with GET_BE_U_4. print-ospf6.c:817:46: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-ospf6.c:817:46 in
Configuration menu - View commit details
-
Copy full SHA for a8dd632 - Browse repository at this point
Copy the full SHA a8dd632View commit details