Re: [Linuxptp-devel] [PATCHv2] Avoid undefined integer operations.

2021-03-23 Thread Richard Cochran 
On Mon, Mar 22, 2021 at 05:04:04PM +0100, Miroslav Lichvar wrote:
> This fixes errors reported by the -fsanitize=undefined sanitizer.
> 
> Before accepting the message interval value from a sync message, check
> if it is between -10 and 22, same as required for the delay request
> interval.
> 
> In the calculation of fest/stats/nrate max_count use unsigned 1 to avoid
> an invalid shift by 31.
> 
> In tmv.h operations cast values to uint64_t to avoid signed overflows
> and a left-shift of a negative value.
> 
> Signed-off-by: Miroslav Lichvar 

Applied.

Thanks,
Richard


___
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel

[Linuxptp-devel] [PATCHv2] Avoid undefined integer operations.

2021-03-22 Thread Miroslav Lichvar 
This fixes errors reported by the -fsanitize=undefined sanitizer.

Before accepting the message interval value from a sync message, check
if it is between -10 and 22, same as required for the delay request
interval.

In the calculation of fest/stats/nrate max_count use unsigned 1 to avoid
an invalid shift by 31.

In tmv.h operations cast values to uint64_t to avoid signed overflows
and a left-shift of a negative value.

Signed-off-by: Miroslav Lichvar 
---
 clock.c |  4 ++--
 port.c  | 12 +---
 tmv.h   |  6 +++---
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/clock.c b/clock.c
index f88df58..85d7667 100644
--- a/clock.c
+++ b/clock.c
@@ -1881,7 +1881,7 @@ void clock_sync_interval(struct clock *c, int n)
shift = sizeof(int) * 8 - 1;
pr_warning("freq_est_interval is too long");
}
-   c->fest.max_count = (1 << shift);
+   c->fest.max_count = (1U << shift);
 
shift = c->stats_interval - n;
if (shift < 0)
@@ -1890,7 +1890,7 @@ void clock_sync_interval(struct clock *c, int n)
shift = sizeof(int) * 8 - 1;
pr_warning("summary_interval is too long");
}
-   c->stats.max_count = (1 << shift);
+   c->stats.max_count = (1U << shift);
 
servo_sync_interval(c->servo, n < 0 ? 1.0 / (1 << -n) : 1 << n);
 }
diff --git a/port.c b/port.c
index cefe780..da7c327 100644
--- a/port.c
+++ b/port.c
@@ -1070,7 +1070,7 @@ static void port_nrate_initialize(struct port *p)
 
p->nrate.origin1 = tmv_zero();
p->nrate.ingress1 = tmv_zero();
-   p->nrate.max_count = (1 << shift);
+   p->nrate.max_count = (1U << shift);
p->nrate.count = 0;
p->nrate.ratio = 1.0;
p->nrate.ratio_valid = 0;
@@ -2345,8 +2345,14 @@ void process_sync(struct port *p, struct ptp_message *m)
 
if (!msg_unicast(m) &&
m->header.logMessageInterval != p->log_sync_interval) {
-   p->log_sync_interval = m->header.logMessageInterval;
-   clock_sync_interval(p->clock, p->log_sync_interval);
+   if (m->header.logMessageInterval < -10 ||
+   m->header.logMessageInterval > 22) {
+   pl_info(300, "%s: ignore bogus sync interval 2^%d",
+   p->log_name, m->header.logMessageInterval);
+   } else {
+   p->log_sync_interval = m->header.logMessageInterval;
+   clock_sync_interval(p->clock, p->log_sync_interval);
+   }
}
 
m->header.correction += p->asymmetry;
diff --git a/tmv.h b/tmv.h
index 0c1155f..e5fe110 100644
--- a/tmv.h
+++ b/tmv.h
@@ -49,7 +49,7 @@ typedef struct {
 static inline tmv_t tmv_add(tmv_t a, tmv_t b)
 {
tmv_t t;
-   t.ns = a.ns + b.ns;
+   t.ns = (uint64_t)a.ns + (uint64_t)b.ns;
return t;
 }
 
@@ -78,7 +78,7 @@ static inline int tmv_is_zero(tmv_t x)
 static inline tmv_t tmv_sub(tmv_t a, tmv_t b)
 {
tmv_t t;
-   t.ns = a.ns - b.ns;
+   t.ns = (uint64_t)a.ns - (uint64_t)b.ns;
return t;
 }
 
@@ -126,7 +126,7 @@ static inline TimeInterval tmv_to_TimeInterval(tmv_t x)
} else if (x.ns > (int64_t)MAX_TMV_TO_TIMEINTERVAL) {
return MAX_TMV_TO_TIMEINTERVAL << 16;
}
-   return x.ns << 16;
+   return (uint64_t)x.ns << 16;
 }
 
 static inline struct Timestamp tmv_to_Timestamp(tmv_t x)
-- 
2.26.2



___
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel