lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 17 Jun 2020 17:39:13 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     trix@...hat.com
Cc:     Stephen Smalley <stephen.smalley.work@...il.com>,
        Eric Paris <eparis@...isplace.org>,
        Ondrej Mosnacek <omosnace@...hat.com>, weiyongjun1@...wei.com,
        SElinux list <selinux@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] selinux: fix undefined return of cond_evaluate_expr

On Wed, Jun 17, 2020 at 4:51 PM Paul Moore <paul@...l-moore.com> wrote:
> On Wed, Jun 17, 2020 at 9:58 AM Stephen Smalley
> <stephen.smalley.work@...il.com> wrote:
> > On Wed, Jun 17, 2020 at 8:40 AM <trix@...hat.com> wrote:
> > >
> > > From: Tom Rix <trix@...hat.com>
> > >
> > > clang static analysis reports an undefined return
> > >
> > > security/selinux/ss/conditional.c:79:2: warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn]
> > >         return s[0];
> > >         ^~~~~~~~~~~
> > >
> > > static int cond_evaluate_expr( ...
> > > {
> > >         u32 i;
> > >         int s[COND_EXPR_MAXDEPTH];
> > >
> > >         for (i = 0; i < expr->len; i++)
> > >           ...
> > >
> > >         return s[0];
> > >
> > > When expr->len is 0, the loop which sets s[0] never runs.
> > >
> > > So return -1 if the loop never runs.
> > >
> > > Signed-off-by: Tom Rix <trix@...hat.com>
> >
> > Acked-by: Stephen Smalley <stephen.smalley.work@...il.com>
> >
> > clang didn't complain about the similar pattern in
> > security/selinux/ss/services.c:constraint_expr_eval()?
>
> Related question: I appreciate the work you are doing Tom, can you
> share how far along you are testing the SELinux code with clang?  I
> ask because it would be nice to roll all of these patches up into one
> PR for Linus instead of sending multiple updates.

Regardless, this patch looks good to me too so I've merged it into the
selinux/stable-5.8 branch with the others.  Thank you.

It would still be nice to know if there are other clang failures you
are working on fixing or if this is it for awhile.

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ