Date: Tue, 29 Oct 2024 16:26:16 -0400
From: Rich Felker
To: Thorsten Glaser
Cc: musl@lists.openwall.com, lihua.zhao.cn@windriver.com
Message-ID: <20241029202615.GC10433@brightrain.aerifal.cx>
Subject: Re: [musl] [PATCH] set EINVAL for sigismember when sig is invalid

On Tue, Oct 29, 2024 at 02:12:49PM +0100, Thorsten Glaser wrote:
> On Tue, 29 Oct 2024, lihua.zhao.cn@windriver.com wrote:
>
> > int sigismember(const sigset_t *set, int sig)
> > {
> > unsigned s = sig-1;
> >- if (s >= _NSIG-1) return 0;
> >+ if (s < 0 || s >= _NSIG-1) {
>
> unsigned s can never be 0, and assignment from int will wrap around,
> so the >= is enough.
>
> There’s UB if sig == INT_MIN though.

The UB concern exists for all the existing files, so it should be fixed
there and the same idiom copied to sigismember.

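Review bot: the `s < 0` half of the added condition `if (s < 0 || s >= _NSIG-1) {` can never be true, because `s` is declared `unsigned`; it adds no check and compilers commonly warn about such a comparison. A `sig` of 0 or below already converts to a value at or above `_NSIG-1`, so the original single comparison rejects it. Suggest keeping `if (s >= _NSIG-1)` and changing only the body, and computing `s` as `sig-1U` so the subtraction is not done in signed `int`, which is where the `sig == INT_MIN` case overflows. The quoted hunk ends at the opening brace, so the new body is not visible for review here.
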
Note that the above patch for sigismember does not catch signal numbers
that are invalid because they're implementation-internal, like the
other sigset functions do. That needs to be fixed, but then the
internal usage in posix_spawn would need to be fixed to match.

>
> - unsigned s = sig-1;
> + unsigned s = sig;
> + ++s;
>
> Or:
>
> - unsigned s = sig-1;
> + unsigned s = (unsigned)sig - 1U;

sig-1U is the idiomatic way we do this.

Rich
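
Review bot: in the first alternative, `unsigned s = sig;` followed by `++s;` yields `sig+1`, not the `sig-1` of the line it replaces, so the later comparison against `_NSIG-1` would be off by two; the matching statement is `--s;`. The second alternative, `(unsigned)sig - 1U`, keeps the value and performs the subtraction in unsigned arithmetic. The cast there is redundant once the other operand is `1U`, so `sig-1U` is the shorter equivalent.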