Source-Changes-HG archive


[src/trunk]: src/sys/kern Try to avoid signed integer overflow in callout_sof...



details:   https://anonhg.NetBSD.org/src/rev/da56bdc45069
branches:  trunk
changeset: 833676:da56bdc45069
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sun Jul 08 14:42:52 2018 +0000

description:
Try to avoid signed integer overflow in callout_softclock()

The delta operation (c->c_time - ticks) is documented as safe, however it
still can cause overflow in narrow case scenarios.

Try to avoid overflow/underflow or at least make it less frequent with
a direct comparison of c->c_time and ticks. Perform the operation of
subtraction only when c->c_time > ticks.

sys/kern/kern_timeout.c:720:9, signed integer overflow: -2147410738 - 72912 cannot be represented in type 'int'

Detected with Kernel Undefined Behavior Sanitizer.

Patch suggested by <Riastradh>

diffstat:

 sys/kern/kern_timeout.c |  10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diffs (34 lines):

diff -r b372ed4b86da -r da56bdc45069 sys/kern/kern_timeout.c
--- a/sys/kern/kern_timeout.c   Sun Jul 08 11:37:50 2018 +0000
+++ b/sys/kern/kern_timeout.c   Sun Jul 08 14:42:52 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_timeout.c,v 1.54 2018/01/16 08:15:29 ozaki-r Exp $        */
+/*     $NetBSD: kern_timeout.c,v 1.55 2018/07/08 14:42:52 kamil Exp $  */
 
 /*-
  * Copyright (c) 2003, 2006, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_timeout.c,v 1.54 2018/01/16 08:15:29 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_timeout.c,v 1.55 2018/07/08 14:42:52 kamil Exp $");
 
 /*
  * Timeouts are kept in a hierarchical timing wheel.  The c_time is the
@@ -717,12 +717,12 @@
 
                /* If due run it, otherwise insert it into the right bucket. */
                ticks = cc->cc_ticks;
-               delta = c->c_time - ticks;
-               if (delta > 0) {
+               if (c->c_time > ticks) {
+                       delta = c->c_time - ticks;
                        CIRCQ_INSERT(&c->c_list, BUCKET(cc, delta, c->c_time));
                        continue;
                }
-               if (delta < 0)
+               if (c->c_time < ticks)
                        cc->cc_ev_late.ev_count++;
 
                c->c_flags = (c->c_flags & ~CALLOUT_PENDING) |
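
Review bot: The new `if (c->c_time > ticks)` test is not equivalent to the old `delta > 0` test once the tick counter wraps, and nothing in the hunk documents that change. With the values from the sanitizer report (c_time = -2147410738, ticks = 72912), a two's complement wrap of the old subtraction gives 2147483646, so the callout would have been reinserted into a bucket; with the direct comparison the first branch is skipped, `c->c_time < ticks` is true, `cc_ev_late` is incremented and the code falls through to the "due, run it" path. If c_time is meant to be compared modulo the counter width, consider doing the subtraction in unsigned arithmetic and converting the result to int for the sign test, rather than comparing the raw values. Separately, `delta = c->c_time - ticks;` inside the new branch can still overflow when c_time is a large positive value and ticks is negative, so the finding is narrowed rather than removed, as the commit message itself says; a comment above the comparison stating the assumed range of c_time relative to ticks would help the next reader.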


