Handle negation in a way that doesn't upset compilers or UBSan.

Most BPF arithmetic is unsigned, but negation can't be unsigned; respecify it as subtracting the value from 0U, so that 1) we don't get compiler warnings about negating an unsigned value and 2) don't get UBSan warnings about the result of negating 0x80000000 being undefined. Credit to OSS-Fuzz for finding these issues.
author: Guy Harris <guy@alum.mit.edu> 2018-10-26 13:14:37 -0700
committer: Guy Harris <guy@alum.mit.edu> 2018-10-26 13:14:37 -0700
commit: 52a246fb5291e97ba97bc07fc66e0d598484e471 (patch)
tree: 627678444f24b3b6e1eb229d673333959e1707ec /bpf_filter.c
parent: cd512217e570f796ef3e3a7ad67c66d78c83c2dc (diff)
download: libpcap-52a246fb5291e97ba97bc07fc66e0d598484e471.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/bpf_filter.c b/bpf_filter.c
index b19b25d1..c41d0341 100644
--- a/bpf_filter.c
+++ b/bpf_filter.c
@@ -358,10 +358,13 @@ pcap_filter_with_aux_data(const struct bpf_insn *pc, const u_char *p,
 		case BPF_ALU|BPF_NEG:
 			/*
 			 * Most BPF arithmetic is unsigned, but negation
-			 * can't be unsigned; throw some casts to
-			 * specify what we're trying to do.
+			 * can't be unsigned; respecify it as subtracting
+			 * the accumulator from 0U, so that 1) we don't
+			 * get compiler warnings about negating an unsigned
+			 * value and 2) don't get UBSan warnings about
+			 * the result of negating 0x80000000 being undefined.
 			 */
-			A = (uint32_t)(-(int32_t)A);
+			A = (0U - A);
 			continue;
 
 		case BPF_MISC|BPF_TAX:
author	Guy Harris <guy@alum.mit.edu>	2018-10-26 13:14:37 -0700
committer	Guy Harris <guy@alum.mit.edu>	2018-10-26 13:14:37 -0700
commit	52a246fb5291e97ba97bc07fc66e0d598484e471 (patch)
tree	627678444f24b3b6e1eb229d673333959e1707ec /bpf_filter.c
parent	cd512217e570f796ef3e3a7ad67c66d78c83c2dc (diff)
download	libpcap-52a246fb5291e97ba97bc07fc66e0d598484e471.tar.gz