Merge into trunk : fix-unsigned-to-long-overflow : Code : MirAL

Status:

Rejected

Rejected by:

Brandon Schaefer on 2017-09-18

Proposed branch:

lp:~brandontschaefer/miral/fix-unsigned-to-long-overflow

Merge into:

lp:miral

Diff against target:

15 lines (+3/-2)

1 file modified

miral/window_info.cpp (+3/-2)

To merge this branch:

bzr merge lp:~brandontschaefer/miral/fix-unsigned-to-long-overflow

Critical

Fix Committed

Link a bug report

Reviewer	Review Type	Date Requested	Status
Mir CI Bot	continuous-integration		Needs Fixing on 2017-09-14
Mir development team		2017-09-14	Pending
Review via email: mp+330778@code.launchpad.net

Commit message

On armhf where sizeof(long) == sizeof(int) an overflow was happening when casting the unsigned::max() aspect to a long resulting in a -1. This allows for a div by 0 because the error check is positive due to the overflow:

Description of the change

On armhf where sizeof(long) == sizeof(int) an overflow was happening when casting the unsigned::max() aspect to a long resulting in a -1. This allows for a div by 0 because the error check is positive due to the overflow:

error = 640 * 0 - 420 * -1

if (error > 0)
// ends up in div by 0

The fix here sets the max value from unsigned::max() to int::max() since sizeof(long) >= sizeof(int). So an unsigned int can be casted into a long with out overflow.

Revision history for this message

Mir CI Bot (mir-ci-bot) wrote on 2017-09-14:

#

Click here to trigger a rebuild:
https://mir-jenkins.ubuntu.com/job/miral-ci/75/rebuild

review: Needs Fixing (continuous-integration)

Revision history for this message

Brandon Schaefer (brandontschaefer) wrote on 2017-09-18:

#

Better fix:
https://code.launchpad.net/~alan-griffiths/miral/fix-1717061/+merge/330832

Unmerged revisions

580. By Brandon Schaefer on 2017-09-14: * Set the min_aspect height and max_aspect width as an int::max().
Due to the aspects being cast into a long, we dont want to overflow
on a 32bit arch. sizeof(long) >= sizeof(int)

1	=== modified file 'miral/window_info.cpp'
2	--- miral/window_info.cpp 2017-08-10 16:59:22 +0000
3	+++ miral/window_info.cpp 2017-09-14 21:22:30 +0000
4	@@ -79,8 +79,9 @@
5	confine_pointer(optional_value_or_default(params.confine_pointer(), mir_pointer_unconfined)),
6	width_inc{optional_value_or_default(params.width_inc(), DeltaX{1})},
7	height_inc{optional_value_or_default(params.height_inc(), DeltaY{1})},
8	- min_aspect(optional_value_or_default(params.min_aspect(), AspectRatio{0U, std::numeric_limits<unsigned>::max()})),
9	- max_aspect(optional_value_or_default(params.max_aspect(), AspectRatio{std::numeric_limits<unsigned>::max(), 0U})),
10	+ // sizeof(long) >= sizeof(int). We cast from unsigned to long so we need to fit within a signed int without overflowing
11	+ min_aspect(optional_value_or_default(params.min_aspect(), AspectRatio{0U, std::numeric_limits<int>::max()})),
12	+ max_aspect(optional_value_or_default(params.max_aspect(), AspectRatio{std::numeric_limits<int>::max(), 0U})),
13	shell_chrome(optional_value_or_default(params.shell_chrome(), mir_shell_chrome_normal))
14	{
15	if (params.output_id().is_set())

MirAL

Merge lp:~brandontschaefer/miral/fix-unsigned-to-long-overflow into lp:miral

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers