| Message ID | 1541098281-18548-1-git-send-email-pkusunyifeng@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [ovs-dev] oss-fuzz: Use unsigned for left shift in ofctl_parse_flows__ | expand |
On Thu, Nov 01, 2018 at 11:51:21AM -0700, Yifeng Sun wrote: > Left shift int (1 here) can result in a negative value. This is an undefined > behavior according to ISO C99 (6.5.7). > > The error message reported by oss-fuzz is: > runtime error: left shift of 1 by 31 places cannot be represented in type 'int' > > This patch fixes it by changing signed int to unsigned int. > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11166 > Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> Thanks, applied to master.
diff --git a/tests/oss-fuzz/ofctl_parse_target.c b/tests/oss-fuzz/ofctl_parse_target.c index 8a906400a5cc..fbd91bdd3e81 100644 --- a/tests/oss-fuzz/ofctl_parse_target.c +++ b/tests/oss-fuzz/ofctl_parse_target.c @@ -24,7 +24,7 @@ ofctl_parse_flows__(struct ofputil_flow_mod *fms, size_t n_fms, printf("no usable protocol\n"); } for (i = 0; i < sizeof(enum ofputil_protocol) * CHAR_BIT; i++) { - protocol = 1 << i; + protocol = 1u << i; if (protocol & usable_protocols & OFPUTIL_P_ANY) { break; }
Left shift int (1 here) can result in a negative value. This is an undefined behavior according to ISO C99 (6.5.7). The error message reported by oss-fuzz is: runtime error: left shift of 1 by 31 places cannot be represented in type 'int' This patch fixes it by changing signed int to unsigned int. Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11166 Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com> --- tests/oss-fuzz/ofctl_parse_target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)