Closed Bug 826201 Opened 13 years ago Closed 12 years ago

Use sufficiently large integer when left shifting bits in security/nss/lib/util/utilpars.c

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.15.2

People

(Reporter: kolya, Assigned: kolya)

Details

Attachments

(1 file, 1 obsolete file)

An updated patch that catches a few more (1<<i) cases
1.37 KB, patch
KaiE
: review+
Details | Diff | Splinter Review
Attached file mp0 (obsolete) —
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.45 Safari/537.17 Steps to reproduce: I looked for various bugs in the Mozilla source code. Actual results: I found a minor issue in security/nss/lib/util/utilpars.c, where on a 64-bit system nssutil_mkSlotFlags() and nssutil_mkCipherFlags() can left-shift an ((int)1) by 31 or more bits, which is undefined behavior in C. This can lead to some potentially surprising results: e.g., gcc-4.7.2 on a 64-bit system produces 0xffffffff80000000 as the value of (unsigned long)(1<<31). The attached patch should fix the problem by avoiding this undefined behavior.
Attachment #697382 - Attachment is obsolete: true
Assignee: nobody → kolya
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: Trunk → trunk
Attachment #697383 - Flags: review?(kaie)
Nickolai, thanks a lot for your report and the patch. (In reply to Nickolai Zeldovich from comment #0) > gcc-4.7.2 on a 64-bit > system produces 0xffffffff80000000 as the value of (unsigned long)(1<<31). Confirmed. r=kaie, however, I propose to replace all occurrences of ((unsigned long) 1) with 1UL I think that's easier to read.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attachment #697383 - Flags: review?(kaie) → review+
Summary: Minor bug in security/nss/lib/util/utilpars.c → Use sufficiently large integer when left shifting bits in security/nss/lib/util/utilpars.c
https://hg.mozilla.org/projects/nss/rev/99fe7b8550c7
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.15.2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: