From cce974d367d41271a26451d663593f6c490aa2b9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 23 Feb 2019 17:39:38 +0200
Subject: [PATCH] UBSan: Define FST LLT macros without integer overflow
FST_MAX_LLT_MS definition depended on undefined behavior with unsigned integer overflow. Avoid that and also optimize the FST_LLT_{MS_TO_VAL,VAL_TO_MS} macros to handle larger values without overflowing 32-bit unsigned integers. fst_session.c:1274:52: runtime error: unsigned integer overflow: 4294967295 * 32 cannot be represented in type 'unsigned int'
Signed-off-by: Jouni Malinen
---
 src/fst/fst.h | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/fst/fst.h b/src/fst/fst.h
index 0c0e435b9..296749120 100644
--- a/src/fst/fst.h
+++ b/src/fst/fst.h
@@ -19,10 +19,18 @@
 #define US_IN_MS 1000
 #define LLT_UNIT_US 32 /* See 10.32.2.2 Transitioning between states */
-#define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * US_IN_MS / LLT_UNIT_US)
-#define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * LLT_UNIT_US / US_IN_MS)
-
-#define FST_MAX_LLT_MS FST_LLT_VAL_TO_MS(-1)
+/*
+ * These were originally
+ * #define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * US_IN_MS / LLT_UNIT_US)
+ * #define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * LLT_UNIT_US / US_IN_MS)
+ * #define FST_MAX_LLT_MS FST_LLT_VAL_TO_MS(-1)
+ * but those can overflow 32-bit unsigned integer, so use alternative defines
+ * to avoid undefined behavior with such overflow.
+ * LLT_UNIT_US/US_IN_MS = 32/1000 = 4/125
+ */
+#define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * 125 / 4)
+#define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * 4 / 125)
+#define FST_MAX_LLT_MS (((u32) -1) / 4)
 #define FST_MAX_PRIO_VALUE ((u8) -1)
 #define FST_MAX_GROUP_ID_LEN IFNAMSIZ
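Review bot: `FST_MAX_LLT_MS` is now `((u32) -1) / 4` = 1073741823, which is the largest LLT value that `FST_LLT_VAL_TO_MS` can scale without wrapping, not the largest millisecond count that `FST_LLT_MS_TO_VAL` can take. `((u32) (m)) * 125` still wraps for any m above `((u32) -1) / 125` = 34359738, so a millisecond input that passes a `<= FST_MAX_LLT_MS` check can still yield a truncated, much shorter link loss timeout. The callers are outside this hunk, so this assumes the constant is the bound applied to millisecond inputs; if it is, `#define FST_MAX_LLT_MS (((u32) -1) / 125)` keeps both macros in range. The new comment also calls the wrap undefined behavior, whereas unsigned arithmetic in C is defined to wrap modulo 2^32; wording such as `can wrap around a 32-bit unsigned integer and produce a wrong timeout` states the actual risk.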