lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ef045b6e-14cd-a2a8-f89f-35d38776ed8b@omp.ru>
Date: Wed, 13 Mar 2024 21:23:38 +0300
From: Sergey Shtylyov <s.shtylyov@....ru>
To: Roman Smirnov <r.smirnov@....ru>, <linux-kernel@...r.kernel.org>
CC: <lvc-project@...uxtesting.org>
Subject: Re: [PATCH] fixp-arith: prevent division by zero in fixp_sin32_rad()

On 3/12/24 12:48 PM, Roman Smirnov wrote:

> The parameter twopi can have a zero value. It is necessary
> to prevent division by zero.
> 
> Found by Linux Verification Center (linuxtesting.org) with Svace.
> 
> Signed-off-by: Roman Smirnov <r.smirnov@....ru>
> ---
>  include/linux/fixp-arith.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/fixp-arith.h b/include/linux/fixp-arith.h
> index e485fb0c1201..434eee8bd9ef 100644
> --- a/include/linux/fixp-arith.h
> +++ b/include/linux/fixp-arith.h
> @@ -118,8 +118,9 @@ static inline s32 fixp_sin32_rad(u32 radians, u32 twopi)
>  
>  	/*
>  	 * Avoid too large values for twopi, as we don't want overflows.
> +	 * Also prevent division by zero.
>  	 */
> -	BUG_ON(twopi > 1 << 18);
> +	BUG_ON(!twopi || twopi > 1 << 18);

    Not really sure ATM that BUG_ON() is better than division by 0
(which should cause exception 0 on x86 but I'm not sure about e.g.
ARM32/64)...

>  
>  	degrees = (radians * 360) / twopi;
>  	tmp = radians - (degrees * twopi) / 360;
> 

Reviewed-by: Sergey Shtylyov <s.shtylyov@....ru>

[...]

MBR, Sergey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ