common/lib/libc/stdlib/random.c:482:6 can result in signed integer overflow.
This bug was reported by UBSan runs.
The change has been tested using the following program to generate random numbers
in both the old and the new library and can be used to verify the correctness of the
library after the change.
#include <stdio.h>
#include <stdlib.h>

#define COUNT (1000 * 1000)

int
main(void)
{
	int i;
	FILE *fp = fopen("numbers.txt", "w");

	if (fp == NULL)
		abort();
	/* Fixed seed so the old and new libraries produce comparable streams. */
	srandom(0xdeadbeef);
	for (i = 0; i < COUNT; i++) {
		fprintf(fp, "%ld\n", random());
	}
	fclose(fp);
	return 0;
}
Reviewed by: riastradh@, kamil@
Instead of implicit promotion to signed int,
explicitly cast the arguments to unsigned int.
_rand48.c:53:27, signed integer overflow:
58989 * 58970 cannot be represented in type 'int'
_rand48.c:53:38, signed integer overflow:
-2093025904 + -1496809120 cannot be represented in type 'int'
_rand48.c:53:57, signed integer overflow:
57068 * 42787 cannot be represented in type 'int'
New and old code produce the same output, as tested with:
#include <stdio.h>
#include <stdlib.h>

#define COUNT (1000 * 1000)

int
main(void)
{
	FILE *fp;
	int i;

	fp = fopen("numbers.txt", "w+");
	if (!fp)
		abort();
	/* Default (unseeded) rand48 state; record all three generators' outputs. */
	for (i = 0; i < COUNT; i++) {
		fprintf(fp, "%f\n", drand48());
		fprintf(fp, "%ld\n", lrand48());
		fprintf(fp, "%ld\n", mrand48());
	}
	fclose(fp);
	return 0;
}
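The arithmetic the three _rand48.c reports point at, as an added example that is neither the commit's nor libc's code: a reconstruction of the POSIX rand48 recurrence on three 16-bit seed limbs with the explicit unsigned casts, checked against a plain 64-bit reference. The multiplier and increment are the POSIX values; the limb layout and the function names are assumptions.

```c
#include <stdint.h>
/* POSIX rand48 recurrence: X(n+1) = (a * X(n) + c) mod 2^48. */
#define RAND48_A 0x5DEECE66DULL
#define RAND48_C 0xBULL
#define MASK48   0xFFFFFFFFFFFFULL

/* Reference step in one 64-bit word; the mask is the "mod 2^48". */
uint64_t rand48_ref_step(uint64_t x)
{
	return (RAND48_A * x + RAND48_C) & MASK48;
}

/*
 * Same step on three 16-bit limbs (assumed layout, low limb first).  Every
 * limb product is cast to unsigned int first: without the casts the integer
 * promotions make both unsigned short operands signed int, so 58989 * 58970
 * exceeds INT_MAX (the UBSan report).  Cast, a sum may wrap mod 2^32, which
 * is harmless because only its low 16 bits feed the next limb.
 */
void rand48_limb_step(unsigned short xseed[3])
{
	const unsigned short mult[3] = { 0xE66D, 0xDEEC, 0x0005 }; /* a, low limb first */
	const unsigned short add = 0x000B;                         /* c */
	unsigned short temp[2];
	uint64_t accu;
	accu = (unsigned int)mult[0] * (unsigned int)xseed[0] + (unsigned int)add;
	temp[0] = (unsigned short)accu;                  /* bits 0..15 */
	accu >>= 16;
	accu += (unsigned int)mult[0] * (unsigned int)xseed[1]
	      + (unsigned int)mult[1] * (unsigned int)xseed[0];
	temp[1] = (unsigned short)accu;                  /* bits 16..31 */
	accu >>= 16;
	accu += (unsigned int)mult[0] * (unsigned int)xseed[2]
	      + (unsigned int)mult[1] * (unsigned int)xseed[1]
	      + (unsigned int)mult[2] * (unsigned int)xseed[0];
	xseed[0] = temp[0]; xseed[1] = temp[1];
	xseed[2] = (unsigned short)accu;                 /* bits 32..47 */
}

/* Advance both formulations `rounds` steps from `seed`; 1 if they agree throughout. */
int rand48_limbs_match_reference(uint64_t seed, int rounds)
{
	unsigned short s[3] = { (unsigned short)seed, (unsigned short)(seed >> 16), (unsigned short)(seed >> 32) };
	uint64_t x = seed & MASK48;
	for (int i = 0; i < rounds; i++) {
		rand48_limb_step(s);
		x = rand48_ref_step(x);
		if ((((uint64_t)s[2] << 32) | ((uint64_t)s[1] << 16) | s[0]) != x)
			return 0;
	}
	return 1;
}
```

With the POSIX default seed 0x1234ABCD330E the first step yields 0x657EB7255101, i.e. drand48() starts at roughly 0.3965.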
boot.c:150:29, left shift of 255 by 24 places cannot be represented in type 'int'
boot.c:153:29, left shift of 255 by 24 places cannot be represented in type 'int'
Until we get ZFS integrated into our boot loader, this is the next best
thing. The idea is simple - have a small FFS partition with a kernel,
modules and this ramdisk. Once the ramdisk boots it will mount the FFS
partition read-only, copy the needed ZFS modules to the ramdisk and then
unmount the partition. Then we import the ZFS root pool, mount the
ZFS root filesystem and then pivot to it.
Because the initial FFS partition is not mounted at this point, we
can mount it in /altroot so we can replace the kernel and modules with
newer ones so it's easily maintainable.
This ZFS boot strapper currently makes the following assumptions:
* The device NAME=boot is the FFS with kernel, modules and this ramdisk.
* The ZFS root pool and root filesystem are called rpool/ROOT.
A boot.cfg menu entry can then be added like so:
menu=Boot ZFS root:fs /ramdisk-zfsroot.fs;boot
false positive with kMSan.
Here, LLVM reorders the conditions and checks 'vattr' before 'error'. But
if 'error' is non-zero then 'vattr' is not initialized, and kMSan notices
the uninitialized memory read.