* [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices
@ 2026-04-19 13:16 Nithurshen
2026-04-19 13:16 ` [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize Nithurshen
2026-04-20 1:52 ` [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices Gao Xiang
0 siblings, 2 replies; 6+ messages in thread
From: Nithurshen @ 2026-04-19 13:16 UTC (permalink / raw)
To: linux-erofs; +Cc: xiang, hsiangkao, Nithurshen
In erofs_init_devices(), roundup_pow_of_two() can potentially trigger
an undefined behavior shift if the incremented 'ondisk_extradevs'
value results in an overflow or an input that leads to an
out-of-bounds shift.
Promote the argument to u64 before the increment to ensure the
rounding logic operates on a safe bit-width.
Signed-off-by: Nithurshen <nithurshen.dev@gmail.com>
---
lib/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/super.c b/lib/super.c
index 088c9a0..10831a7 100644
--- a/lib/super.c
+++ b/lib/super.c
@@ -49,7 +49,7 @@ static int erofs_init_devices(struct erofs_sb_info *sbi,
return 0;
sbi->extra_devices = ondisk_extradevs;
- sbi->device_id_mask = roundup_pow_of_two(ondisk_extradevs + 1) - 1;
+ sbi->device_id_mask = roundup_pow_of_two((u64)ondisk_extradevs + 1) - 1;
sbi->devs = calloc(ondisk_extradevs, sizeof(*sbi->devs));
if (!sbi->devs)
return -ENOMEM;
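Review bot: the changed line `roundup_pow_of_two((u64)ondisk_extradevs + 1) - 1` has no stated triggering input. The changelog says the increment can overflow or lead to an out-of-bounds shift, but it gives no value of `ondisk_extradevs` for which that happens, and the hunk shows neither the variable's type nor a bound on it. Please name the failing value in the commit message; if the intent is to enforce a limit, an explicit range check with an error return ahead of this assignment documents it better than a cast.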
--
2.52.0
* [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize
2026-04-19 13:16 [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices Nithurshen
@ 2026-04-19 13:16 ` Nithurshen
2026-04-20 1:54 ` Gao Xiang
2026-04-20 1:52 ` [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices Gao Xiang
1 sibling, 1 reply; 6+ messages in thread
From: Nithurshen @ 2026-04-19 13:16 UTC (permalink / raw)
To: linux-erofs; +Cc: xiang, hsiangkao, Nithurshen
In erofs_compressor_libzstd_setdictsize(), if pclustersize_max is 0,
dict_size becomes 0, leading to undefined behavior when calling
ilog2(0). This results in an invalid bit shift (e.g., shifting
a 32-bit value by 63 bits), as reported by cppcheck.
Fix this by adding guards to ensure dict_size is non-zero before
performing power-of-two rounding and validation.
Signed-off-by: Nithurshen <nithurshen.dev@gmail.com>
---
lib/compressor_libzstd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/compressor_libzstd.c b/lib/compressor_libzstd.c
index 6330f44..eb768de 100644
--- a/lib/compressor_libzstd.c
+++ b/lib/compressor_libzstd.c
@@ -123,10 +123,11 @@ static int erofs_compressor_libzstd_setdictsize(struct erofs_compress *c,
} else {
dict_size = min_t(u32, Z_EROFS_ZSTD_MAX_DICT_SIZE,
pclustersize_max << 3);
- dict_size = 1U << ilog2(dict_size);
+ if (dict_size)
+ dict_size = 1U << ilog2(dict_size);
}
}
- if (dict_size != 1U << ilog2(dict_size) ||
+ if (!dict_size || dict_size != 1U << ilog2(dict_size) ||
dict_size > Z_EROFS_ZSTD_MAX_DICT_SIZE) {
erofs_err("invalid dictionary size %u", dict_size);
return -EINVAL;
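Review bot: the `if (dict_size)` guard in the `else` branch covers the case where `min_t(u32, Z_EROFS_ZSTD_MAX_DICT_SIZE, pclustersize_max << 3)` yields 0, but the changelog does not say how `pclustersize_max` reaches this function as 0. If that input is possible, reject it once where `pclustersize_max` is used, with a message that names it, rather than letting it fall through to the later check and surface as "invalid dictionary size 0". If it is not possible, the commit message should say the change is defensive only, since the cppcheck finding then describes no reachable path.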
--
2.52.0
* Re: [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices
2026-04-19 13:16 [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices Nithurshen
2026-04-19 13:16 ` [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize Nithurshen
@ 2026-04-20 1:52 ` Gao Xiang
2026-04-20 2:50 ` [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize Nithurshen
1 sibling, 1 reply; 6+ messages in thread
From: Gao Xiang @ 2026-04-20 1:52 UTC (permalink / raw)
To: Nithurshen, linux-erofs; +Cc: xiang
On 2026/4/19 21:16, Nithurshen wrote:
> In erofs_init_devices(), roundup_pow_of_two() can potentially trigger
> an undefined behavior shift if the incremented 'ondisk_extradevs'
> value results in an overflow or an input that leads to an
> out-of-bounds shift.
I wonder why there is an "out-of-bounds shift"? Why do you all
think it's an issue? Can you please explain in detail?
ondisk_extradevs is 65535 at most.
Thanks,
Gao Xiang
>
> Promote the argument to u64 before the increment to ensure the
> rounding logic operates on a safe bit-width.
>
> Signed-off-by: Nithurshen <nithurshen.dev@gmail.com>
> ---
> lib/super.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/super.c b/lib/super.c
> index 088c9a0..10831a7 100644
> --- a/lib/super.c
> +++ b/lib/super.c
> @@ -49,7 +49,7 @@ static int erofs_init_devices(struct erofs_sb_info *sbi,
> return 0;
>
> sbi->extra_devices = ondisk_extradevs;
> - sbi->device_id_mask = roundup_pow_of_two(ondisk_extradevs + 1) - 1;
> + sbi->device_id_mask = roundup_pow_of_two((u64)ondisk_extradevs + 1) - 1;
> sbi->devs = calloc(ondisk_extradevs, sizeof(*sbi->devs));
> if (!sbi->devs)
> return -ENOMEM;
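Review bot: on the `+` line, casting the argument to `u64` makes the whole expression 64-bit before it is stored in `sbi->device_id_mask`, and the visible lines show neither that field's width nor whether `roundup_pow_of_two()` is written for 64-bit operands. If the field is narrower, the store truncates implicitly. Keeping the arithmetic at the field's width, or adding a comment that states the maximum `ondisk_extradevs` value the mask must cover, would make the intended range explicit.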
* Re: [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize
2026-04-19 13:16 ` [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize Nithurshen
@ 2026-04-20 1:54 ` Gao Xiang
0 siblings, 0 replies; 6+ messages in thread
From: Gao Xiang @ 2026-04-20 1:54 UTC (permalink / raw)
To: Nithurshen, linux-erofs; +Cc: xiang
On 2026/4/19 21:16, Nithurshen wrote:
> In erofs_compressor_libzstd_setdictsize(), if pclustersize_max is 0,
How is pclustersize_max 0? Explain please?
* [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize
2026-04-20 1:52 ` [PATCH 1/2] erofs-utils: fix undefined behavior shift in erofs_init_devices Gao Xiang
@ 2026-04-20 2:50 ` Nithurshen
2026-04-20 2:57 ` Gao Xiang
0 siblings, 1 reply; 6+ messages in thread
From: Nithurshen @ 2026-04-20 2:50 UTC (permalink / raw)
To: hsiangkao; +Cc: linux-erofs, nithurshen.dev, xiang
Hi Xiang,
I do agree that `pclustersize_max` is always greater than 0 and
`ondisk_extradevs` is at max 65535.
My intent was to look at these functions as independent blocks.
Even though the current upstream callers provide safe inputs, I
wanted to make them robust against any undefined behavior in case
they are reused in the future.
Thanks,
Nithurshen
Regards,
Nithurshen
* Re: [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize
2026-04-20 2:50 ` [PATCH 2/2] erofs-utils: libzstd: fix undefined behavior shift in setdictsize Nithurshen
@ 2026-04-20 2:57 ` Gao Xiang
0 siblings, 0 replies; 6+ messages in thread
From: Gao Xiang @ 2026-04-20 2:57 UTC (permalink / raw)
To: Nithurshen; +Cc: linux-erofs, xiang
On 2026/4/20 10:50, Nithurshen wrote:
> Hi Xiang,
>
> I do agree that `pclustersize_max` is always greater than 0 and
> `ondisk_extradevs` is at max 65535.
>
> My intent was to look at these functions as independent blocks.
> Even though the current upstream callers provide safe inputs, I
> wanted to make them robust against any undefined behavior in case
> they are reused in the future.
They won't be reused in any case like this.
>
> Thanks,
> Nithurshen
>
> Regards,
> Nithurshen