diff options
author | Sean McBride <sean@rogue-research.com> | 2012-11-29 23:20:11 (GMT) |
---|---|---|
committer | David Cole <david.cole@kitware.com> | 2012-11-30 13:04:48 (GMT) |
commit | 6a6a6f36707f9588249990eb2d67e414d2eebd38 (patch) | |
tree | cd7349d53c34c5d5bf781ce8e8e61fe104078360 /Utilities/cmlibarchive/libarchive/archive_endian.h | |
parent | e0af55a5f4cd84db1cc5a3517e730ea8c6332f45 (diff) | |
download | CMake-6a6a6f36707f9588249990eb2d67e414d2eebd38.zip CMake-6a6a6f36707f9588249990eb2d67e414d2eebd38.tar.gz CMake-6a6a6f36707f9588249990eb2d67e414d2eebd38.tar.bz2 |
libarchive: fixed undefined left shift with signed ints
caught by clang's -fsanitize=shift. A small unsigned int was
promoted, according to C's regular promotion rules, to a signed
int, it was then left shifted. This sometimes pushed a 1 into
the sign bit, which is undefined behaviour. Fixed by using
unsigned temporaries.
Diffstat (limited to 'Utilities/cmlibarchive/libarchive/archive_endian.h')
-rw-r--r-- | Utilities/cmlibarchive/libarchive/archive_endian.h | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/Utilities/cmlibarchive/libarchive/archive_endian.h b/Utilities/cmlibarchive/libarchive/archive_endian.h index bbf58fd..3c039f7 100644 --- a/Utilities/cmlibarchive/libarchive/archive_endian.h +++ b/Utilities/cmlibarchive/libarchive/archive_endian.h @@ -64,7 +64,13 @@ archive_be16dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; - return ((p[0] << 8) | p[1]); + /* Store into unsigned temporaries before left shifting, to avoid + promotion to signed int and then left shifting into the sign bit, + which is undefined behaviour. */ + unsigned int p1 = p[1]; + unsigned int p0 = p[0]; + + return ((p0 << 8) | p1); } static inline uint32_t @@ -72,7 +78,15 @@ archive_be32dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; - return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + /* Store into unsigned temporaries before left shifting, to avoid + promotion to signed int and then left shifting into the sign bit, + which is undefined behaviour. */ + unsigned int p3 = p[3]; + unsigned int p2 = p[2]; + unsigned int p1 = p[1]; + unsigned int p0 = p[0]; + + return ((p0 << 24) | (p1 << 16) | (p2 << 8) | p3); } static inline uint64_t @@ -88,7 +102,13 @@ archive_le16dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; - return ((p[1] << 8) | p[0]); + /* Store into unsigned temporaries before left shifting, to avoid + promotion to signed int and then left shifting into the sign bit, + which is undefined behaviour. */ + unsigned int p1 = p[1]; + unsigned int p0 = p[0]; + + return ((p1 << 8) | p0); } static inline uint32_t @@ -96,7 +116,15 @@ archive_le32dec(const void *pp) { unsigned char const *p = (unsigned char const *)pp; - return ((p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]); + /* Store into unsigned temporaries before left shifting, to avoid + promotion to signed int and then left shifting into the sign bit, + which is undefined behaviour. */ + unsigned int p3 = p[3]; + unsigned int p2 = p[2]; + unsigned int p1 = p[1]; + unsigned int p0 = p[0]; + + return ((p3 << 24) | (p2 << 16) | (p1 << 8) | p0); } static inline uint64_t |