| Message ID | 20221121023329.2423665-1-zhongbaisong@huawei.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [-next] ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT | expand |
On Mon, 21 Nov 2022 03:33:29 +0100, Baisong Zhong wrote: > > Shifting signed 32-bit value by 31 bits is undefined, so changing > significant bit to unsigned. The UBSAN warning calltrace like below: > > UBSAN: shift-out-of-bounds in sound/core/pcm_native.c:2676:21 > left shift of 1 by 31 places cannot be represented in type 'int' > ... > Call Trace: > <TASK> > dump_stack_lvl+0x8d/0xcf > ubsan_epilogue+0xa/0x44 > __ubsan_handle_shift_out_of_bounds+0x1e7/0x208 > snd_pcm_open_substream+0x9f0/0xa90 > snd_pcm_oss_open.part.26+0x313/0x670 > snd_pcm_oss_open+0x30/0x40 > soundcore_open+0x18b/0x2e0 > chrdev_open+0xe2/0x270 > do_dentry_open+0x2f7/0x620 > path_openat+0xd66/0xe70 > do_filp_open+0xe3/0x170 > do_sys_openat2+0x357/0x4a0 > do_sys_open+0x87/0xd0 > do_syscall_64+0x34/0x80 > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com> > --- > include/sound/pcm.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/sound/pcm.h b/include/sound/pcm.h > index 7b1a022910e8..ec28c2ec89de 100644 > --- a/include/sound/pcm.h > +++ b/include/sound/pcm.h > @@ -123,7 +123,7 @@ struct snd_pcm_ops { > #define SNDRV_PCM_RATE_384000 (1<<14) /* 384000Hz */ > > #define SNDRV_PCM_RATE_CONTINUOUS (1<<30) /* continuous range */ > -#define SNDRV_PCM_RATE_KNOT (1<<31) /* supports more non-continuos rates */ > +#define SNDRV_PCM_RATE_KNOT (1U<<31) /* supports more non-continuos rates */ Could you rather update all SNDRV_PCM_RATE_* to 1U? Otherwise it'll look inconsistent. thanks, Takashi
在 2022/11/21 18:35, Takashi Iwai 写道: > On Mon, 21 Nov 2022 03:33:29 +0100, > Baisong Zhong wrote: >> >> Shifting signed 32-bit value by 31 bits is undefined, so changing >> significant bit to unsigned. The UBSAN warning calltrace like below: >> >> UBSAN: shift-out-of-bounds in sound/core/pcm_native.c:2676:21 >> left shift of 1 by 31 places cannot be represented in type 'int' >> ... >> Call Trace: >> <TASK> >> dump_stack_lvl+0x8d/0xcf >> ubsan_epilogue+0xa/0x44 >> __ubsan_handle_shift_out_of_bounds+0x1e7/0x208 >> snd_pcm_open_substream+0x9f0/0xa90 >> snd_pcm_oss_open.part.26+0x313/0x670 >> snd_pcm_oss_open+0x30/0x40 >> soundcore_open+0x18b/0x2e0 >> chrdev_open+0xe2/0x270 >> do_dentry_open+0x2f7/0x620 >> path_openat+0xd66/0xe70 >> do_filp_open+0xe3/0x170 >> do_sys_openat2+0x357/0x4a0 >> do_sys_open+0x87/0xd0 >> do_syscall_64+0x34/0x80 >> >> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") >> Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com> >> --- >> include/sound/pcm.h | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/include/sound/pcm.h b/include/sound/pcm.h >> index 7b1a022910e8..ec28c2ec89de 100644 >> --- a/include/sound/pcm.h >> +++ b/include/sound/pcm.h >> @@ -123,7 +123,7 @@ struct snd_pcm_ops { >> #define SNDRV_PCM_RATE_384000 (1<<14) /* 384000Hz */ >> >> #define SNDRV_PCM_RATE_CONTINUOUS (1<<30) /* continuous range */ >> -#define SNDRV_PCM_RATE_KNOT (1<<31) /* supports more non-continuos rates */ >> +#define SNDRV_PCM_RATE_KNOT (1U<<31) /* supports more non-continuos rates */ > > Could you rather update all SNDRV_PCM_RATE_* to 1U? > Otherwise it'll look inconsistent. > > > thanks, > > Takashi Hi, Takashi Thank you for your suggestion. I will update all SNDRV_PCM_RATE_* to 1U for consistency in v2. Baisong Zhong .
diff --git a/include/sound/pcm.h b/include/sound/pcm.h index 7b1a022910e8..ec28c2ec89de 100644 --- a/include/sound/pcm.h +++ b/include/sound/pcm.h @@ -123,7 +123,7 @@ struct snd_pcm_ops { #define SNDRV_PCM_RATE_384000 (1<<14) /* 384000Hz */ #define SNDRV_PCM_RATE_CONTINUOUS (1<<30) /* continuous range */ -#define SNDRV_PCM_RATE_KNOT (1<<31) /* supports more non-continuos rates */ +#define SNDRV_PCM_RATE_KNOT (1U<<31) /* supports more non-continuos rates */ #define SNDRV_PCM_RATE_8000_44100 (SNDRV_PCM_RATE_8000|SNDRV_PCM_RATE_11025|\ SNDRV_PCM_RATE_16000|SNDRV_PCM_RATE_22050|\
Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in sound/core/pcm_native.c:2676:21 left shift of 1 by 31 places cannot be represented in type 'int' ... Call Trace: <TASK> dump_stack_lvl+0x8d/0xcf ubsan_epilogue+0xa/0x44 __ubsan_handle_shift_out_of_bounds+0x1e7/0x208 snd_pcm_open_substream+0x9f0/0xa90 snd_pcm_oss_open.part.26+0x313/0x670 snd_pcm_oss_open+0x30/0x40 soundcore_open+0x18b/0x2e0 chrdev_open+0xe2/0x270 do_dentry_open+0x2f7/0x620 path_openat+0xd66/0xe70 do_filp_open+0xe3/0x170 do_sys_openat2+0x357/0x4a0 do_sys_open+0x87/0xd0 do_syscall_64+0x34/0x80 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com> --- include/sound/pcm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)