Patchwork D3729: bitmanipulation: fix undefined behavior in bit shift in getbe32

Submitter phabricator
Date June 13, 2018, 5:31 p.m.
Message ID <678752c4fca09f42ebc322b7d8ccda67@localhost.localdomain>
Permalink /patch/32120/
State Not Applicable

Comments

phabricator - June 13, 2018, 5:31 p.m.
This revision was automatically updated to reflect the committed changes.
Closed by commit rHG1fb2510cf8c8: bitmanipulation: fix undefined behavior in bit shift in getbe32 (authored by durin42, committed by ).

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D3729?vs=9051&id=9052

REVISION DETAIL
  https://phab.mercurial-scm.org/D3729

AFFECTED FILES
  contrib/fuzz/mpatch_corpus.py
  mercurial/bitmanipulation.h

CHANGE DETAILS




To: durin42, #hg-reviewers
Cc: mercurial-devel

Patch

diff --git a/mercurial/bitmanipulation.h b/mercurial/bitmanipulation.h
--- a/mercurial/bitmanipulation.h
+++ b/mercurial/bitmanipulation.h
@@ -9,7 +9,8 @@ 
 {
 	const unsigned char *d = (const unsigned char *)c;
 
-	return ((d[0] << 24) | (d[1] << 16) | (d[2] << 8) | (d[3]));
+	return ((((uint32_t)d[0]) << 24) | (((uint32_t)d[1]) << 16) |
+	        (((uint32_t)d[2]) << 8) | (d[3]));
 }
 
 static inline int16_t getbeint16(const char *c)
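
Review bot: the rewritten return in getbe32 has no comment saying why the casts are there, and it casts d[0], d[1] and d[2] but leaves (d[3]) uncast, so a later cleanup could easily drop the casts as redundant. Only the d[0] << 24 term was actually a problem: d[0] is promoted to int before the shift, and where int is 32 bits a value of 0x80 or above shifts into the sign bit, which is undefined for a signed left shift. A one-line comment to that effect above the return would protect the fix, and casting d[3] as well would make the four terms uniform. The trailing context shows getbeint16 directly below; it is worth confirming that the other readers in this header do not shift a promoted int in the same way.
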
diff --git a/contrib/fuzz/mpatch_corpus.py b/contrib/fuzz/mpatch_corpus.py
--- a/contrib/fuzz/mpatch_corpus.py
+++ b/contrib/fuzz/mpatch_corpus.py
@@ -78,6 +78,10 @@ 
     zf.writestr(
         "mpatch_decode_old_overread", "\x02\x00\x00\x00\x02\x00\x00\x00"
     )
+    # https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8876
+    zf.writestr(
+        "mpatch_ossfuzz_getbe32_ubsan",
+        "\x02\x00\x00\x00\x0c    \xff\xff\xff\xff    ")
     zf.writestr(
         "mpatch_apply_over_memcpy",
         '\x13\x01\x00\x05\xd0\x00\x00\x00\x00\x00\x00\x00\x00\n \x00\x00\x00'
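
Review bot: the new mpatch_ossfuzz_getbe32_ubsan entry passes a plain string literal containing \xff\xff\xff\xff to zf.writestr; if this script is ever run under Python 3, writestr encodes str data as UTF-8 and each \xff becomes two bytes, so the corpus file would no longer contain the 0xff bytes the reproducer depends on. The neighbouring entries use the same style, so this is not new to this change, but a b"..." literal here would keep the reproducer byte-exact. The comment also gives only the oss-fuzz URL; a few words on what the input exercises would let the entry stand on its own if the tracker link goes away.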