From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/11716
Path: news.gmane.org!.POSTED!not-for-mail
From: Alexander Monakov <amonakov@ispras.ru>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [RFC PATCH] fix OOB reads in Xbyte_memmem
Date: Mon, 10 Jul 2017 21:11:20 +0300 (MSK)
Message-ID: <alpine.LNX.2.20.13.1707102105360.2537@monopod.intra.ispras.ru>
References: <87r2y2vrsg.fsf@gmail.com> <20170629213533.18744-1-amonakov@ispras.ru>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Trace: blaine.gmane.org 1499710321 23736 195.159.176.226 (10 Jul 2017 18:12:01 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Mon, 10 Jul 2017 18:12:01 +0000 (UTC)
User-Agent: Alpine 2.20.13 (LNX 116 2015-12-14)
To: musl@lists.openwall.com
Original-X-From: musl-return-11729-gllmg-musl=m.gmane.org@lists.openwall.com Mon Jul 10 20:11:57 2017
Return-path: <musl-return-11729-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.84_2)
	(envelope-from <musl-return-11729-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1dUdA2-0005oJ-6b
	for gllmg-musl@m.gmane.org; Mon, 10 Jul 2017 20:11:54 +0200
Original-Received: (qmail 13758 invoked by uid 550); 10 Jul 2017 18:11:57 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 13735 invoked from network); 10 Jul 2017 18:11:56 -0000
In-Reply-To: <20170629213533.18744-1-amonakov@ispras.ru>
Xref: news.gmane.org gmane.linux.lib.musl.general:11716
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/11716>

On Fri, 30 Jun 2017, Alexander Monakov wrote:
>  	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
>  	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
                      ^^^^^^^^
Such shifts can invoke UB by shifting 1 into the sign bit. It's easily
amended by making the shift happen in an unsigned type; I'd suggest
something like 'n[0]*1u<<24 | ...' (I've checked that this does not
appear to thwart bswap recognition in GCC)

I assume this would need to be a separate patch, we desired at all.

Alexander