CVS commit: src/sys/ufs/ffs

[Kamil Rytarowski]

Module Name:    src
Committed By:   kamil
Date:           Wed Jul  4 02:02:15 UTC 2018

Modified Files:
        src/sys/ufs/ffs: ffs_subr.c

Log Message:
Avoid Undefined Behavior in ffs_clusteracct()

Change the type of 'bit' variable from int to unsigned int and use unsigned
values consistently.

sys/ufs/ffs/ffs_subr.c:336:10, shift exponent -1 is negative

Detected with Kernel Undefined Behavior Sanitizer.

Reported by <Harry Pantazis>


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/ufs/ffs/ffs_subr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/ufs/ffs/ffs_subr.c
diff -u src/sys/ufs/ffs/ffs_subr.c:1.49 src/sys/ufs/ffs/ffs_subr.c:1.50
--- src/sys/ufs/ffs/ffs_subr.c:1.49	Sat May  7 11:59:08 2016
+++ src/sys/ufs/ffs/ffs_subr.c	Wed Jul  4 02:02:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ffs_subr.c,v 1.49 2016/05/07 11:59:08 maxv Exp $	*/
+/*	$NetBSD: ffs_subr.c,v 1.50 2018/07/04 02:02:15 kamil Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -36,7 +36,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_subr.c,v 1.49 2016/05/07 11:59:08 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_subr.c,v 1.50 2018/07/04 02:02:15 kamil Exp $");
 
 #include <sys/param.h>
 
@@ -287,7 +287,8 @@ ffs_clusteracct(struct fs *fs, struct cg
 	int32_t *sump;
 	int32_t *lp;
 	u_char *freemapp, *mapp;
-	int i, start, end, forw, back, map, bit;
+	int i, start, end, forw, back, map;
+	unsigned int bit;
 	const int needswap = UFS_FSNEEDSWAP(fs);
 
 	/* KASSERT(mutex_owned(&ump->um_lock)); */
@@ -312,7 +313,7 @@ ffs_clusteracct(struct fs *fs, struct cg
 		end = ufs_rw32(cgp->cg_nclusterblks, needswap);
 	mapp = &freemapp[start / NBBY];
 	map = *mapp++;
-	bit = 1 << (start % NBBY);
+	bit = 1U << (start % NBBY);
 	for (i = start; i < end; i++) {
 		if ((map & bit) == 0)
 			break;
@@ -333,7 +334,7 @@ ffs_clusteracct(struct fs *fs, struct cg
 		end = -1;
 	mapp = &freemapp[start / NBBY];
 	map = *mapp--;
-	bit = 1 << (start % NBBY);
+	bit = 1U << (start % NBBY);
 	for (i = start; i > end; i--) {
 		if ((map & bit) == 0)
 			break;
@@ -341,7 +342,7 @@ ffs_clusteracct(struct fs *fs, struct cg
 			bit >>= 1;
 		} else {
 			map = *mapp--;
-			bit = 1 << (NBBY - 1);
+			bit = 1U << (NBBY - 1);
 		}
 	}
 	back = start - i;