UBSan: Define FST LLT macros without integer overflow

FST_MAX_LLT_MS definition depended on undefined behavior with unsigned
integer overflow. Avoid that and also optimize the
FST_LLT_{MS_TO_VAL,VAL_TO_MS} macros to handle larger values without
overflowing 32-bit unsigned integers.

fst_session.c:1274:52: runtime error: unsigned integer overflow: 4294967295 * 32 cannot be represented in type 'unsigned int'

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2019-02-23 17:39:38 +02:00
parent 9140caf5fb
commit cce974d367


@ -19,10 +19,18 @@
#define US_IN_MS 1000
#define LLT_UNIT_US 32 /* See 10.32.2.2 Transitioning between states */
#define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * US_IN_MS / LLT_UNIT_US)
#define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * LLT_UNIT_US / US_IN_MS)
#define FST_MAX_LLT_MS FST_LLT_VAL_TO_MS(-1)
/*
* These were originally
* #define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * US_IN_MS / LLT_UNIT_US)
* #define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * LLT_UNIT_US / US_IN_MS)
* #define FST_MAX_LLT_MS FST_LLT_VAL_TO_MS(-1)
* but those can overflow 32-bit unsigned integer, so use alternative defines
* to avoid undefined behavior with such overflow.
* LLT_UNIT_US/US_IN_MS = 32/1000 = 4/125
*/
#define FST_LLT_MS_TO_VAL(m) (((u32) (m)) * 125 / 4)
#define FST_LLT_VAL_TO_MS(v) (((u32) (v)) * 4 / 125)
#define FST_MAX_LLT_MS (((u32) -1) / 4)
#define FST_MAX_PRIO_VALUE ((u8) -1)
#define FST_MAX_GROUP_ID_LEN IFNAMSIZ
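Review bot: The new `FST_MAX_LLT_MS`, `(((u32) -1) / 4)`, is the largest LLT value that `FST_LLT_VAL_TO_MS()` can scale without wrapping, not the largest millisecond count that `FST_LLT_MS_TO_VAL()` can accept: `((u32) (m)) * 125` still wraps for any `m` above `((u32) -1) / 125` (34359738), far below the new maximum of 1073741823. If callers use this constant to range-check a millisecond LLT before converting it (the call sites are outside this hunk), an accepted value can still wrap into a much shorter timeout than requested, and a build with the unsigned-overflow sanitizer would report it again. Consider `#define FST_MAX_LLT_MS (((u32) -1) / 125)`, or doing the multiplication in `u64` and deriving the maximum from `FST_LLT_VAL_TO_MS((u32) -1)`. The added comment would also be more accurate if it said the old macros wrapped modulo 2^32 instead of calling it undefined behavior, since unsigned wraparound is defined in C.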