ndk_compat: bound the shift in set_cpu_mask_bit #465
Open
EylonKrause wants to merge 1 commit into
parse_cpu_mask's single-index path passes the parsed cpu index straight to set_cpu_mask_bit, which did `*cpu_mask |= 1UL << index` with no bound. cpu_mask is a 32-bit mask, so an index >= 32 truncates, and an index >= the width of the shifted type (a lone core index >= 64 on a many-core machine, or a crafted topology line) is undefined behavior. The range path already guards `i < 32`; apply the same bound in the helper so both callers are safe, and shift a uint32_t to match the mask type.
Description
`parse_cpu_mask` parses a CPU-topology mask (e.g. from `/sys/devices/system/cpu/.../topology`). Its single-index branch calls `set_cpu_mask_bit(cpu_index, ...)` with the parsed index directly, and the helper does:

`cpu_mask` is a `uint32_t` (a 32-CPU mask). An `index >= 32` truncates into the mask, and an `index` >= the width of the shifted type — a lone core index `>= 64` on a many-core machine, or a crafted/foreign topology line — makes `1UL << index` undefined behavior. The range branch already guards `if (i < 32)`; the single-index branch has no such bound.

Fix
Bound the shift inside `set_cpu_mask_bit` (so both callers are covered), matching the existing 32-CPU limit, and shift a `uint32_t` to match the mask type.

Testing
`ndk_compat` isn't built on this x86 host, but the change is a localized guard consistent with the range path's existing `i < 32` check and the `uint32_t` mask width.
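
The bounded helper and the two parser paths described in this PR, as an added C example that is not the PR's or the project's own code. The function names, signatures and the `0-3,8` list format are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MASK_BITS 32u /* width of the uint32_t mask, per the PR text */

/* Hypothetical helper: the bound lives here so every caller is covered. */
static void set_bit_bounded(unsigned long index, uint32_t *mask)
{
    if (index < MASK_BITS)
        *mask |= (uint32_t)1 << index; /* shift count is always 0..31 */
}

/* Hypothetical parser for a CPU list such as "0-3,8" (assumed format).
 * Returns 0 on success, -1 on malformed input. */
static int parse_cpu_list(const char *s, uint32_t *mask)
{
    *mask = 0;
    while (*s != '\0' && *s != '\n') {
        char *end;
        if (!isdigit((unsigned char)*s))
            return -1;
        unsigned long lo = strtoul(s, &end, 10);
        if (*end == '-') {
            if (!isdigit((unsigned char)end[1]))
                return -1;
            unsigned long hi = strtoul(end + 1, &end, 10);
            /* Range path: the loop bound also stops a huge "0-N" early. */
            for (unsigned long i = lo; i <= hi && i < MASK_BITS; i++)
                set_bit_bounded(i, mask);
        } else {
            set_bit_bounded(lo, mask); /* single-index path, no own guard */
        }
        if (*end == ',')
            end++;
        else if (*end != '\0' && *end != '\n')
            return -1;
        s = end;
    }
    return 0;
}

int main(void)
{
    uint32_t m = 0; /* constructed sample line: index 64 must be ignored */
    int rc = parse_cpu_list("0-3,8,64", &m);
    printf("rc=%d mask=0x%08lx\n", rc, (unsigned long)m);
    return 0;
}
```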