size is uint16_t, promoted to int. When size is UINT16_MAX (0xFFFF), the expression (size << 16) shifts a 1 into the sign bit of the resulting int, which is undefined behavior in C.
Cast to uint32_t before shifting to avoid UB. Found by OpenScanHub Coverity (INTEGER_OVERFLOW). Signed-off-by: Timothy Redaelli <[email protected]> --- ofproto/ofproto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c index ec6d60a44..9b47869c2 100644 --- a/ofproto/ofproto.c +++ b/ofproto/ofproto.c @@ -9075,7 +9075,7 @@ static uint32_t eviction_group_priority(size_t n_rules) { uint16_t size = MIN(UINT16_MAX, n_rules); - return (size << 16) | random_uint16(); + return ((uint32_t) size << 16) | random_uint16(); } /* Updates 'evg', an eviction_group within 'table', following a change that -- 2.54.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
