This addresses a situation when a boolean type is represented by
an integer and performing a left shift on a boolean causes
an integer overflow.
This fixes the following runtime error:
"left shift of 1 by 31 places cannot be represented in type 'int'"
---
mesh/crypto.c | 5 ++++-
mesh/net.c | 12 ++++++------
mesh/net.h | 8 ++++----
3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/mesh/crypto.c b/mesh/crypto.c
index da227ebbb..668d16877 100644
--- a/mesh/crypto.c
+++ b/mesh/crypto.c
@@ -553,8 +553,11 @@ bool mesh_crypto_packet_build(bool ctl, uint8_t ttl,
n = 9;
if (!ctl) {
- hdr = segmented << SEG_HDR_SHIFT;
+ uint32_t tmp = segmented ? 0x1 : 0;
+
+ hdr = tmp << SEG_HDR_SHIFT;
hdr |= (key_aid & KEY_ID_MASK) << KEY_HDR_SHIFT;
+
if (segmented) {
hdr |= szmic << SZMIC_HDR_SHIFT;
hdr |= (seqZero & SEQ_ZERO_MASK) << SEQ_ZERO_HDR_SHIFT;
diff --git a/mesh/net.c b/mesh/net.c
index df82b2655..8ff3ef32e 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -1375,7 +1375,7 @@ static void friend_ack_rxed(struct mesh_net *net, uint32_t iv_index,
{
uint32_t hdr = l_get_be32(pkt) &
((SEQ_ZERO_MASK << SEQ_ZERO_HDR_SHIFT) | /* Preserve SeqZero */
- (true << RELAY_HDR_SHIFT)); /* Preserve Relay bit */
+ ((uint32_t) 0x01 << RELAY_HDR_SHIFT)); /* Preserve Relay bit */
uint32_t flags = l_get_be32(pkt + 3);
struct mesh_friend_msg frnd_ack = {
.ctl = true,
@@ -1410,14 +1410,14 @@ static void send_frnd_ack(struct mesh_net *net, uint16_t src, uint16_t dst,
expected = 0xffffffff >> (31 - SEG_TOTAL(hdr));
/* Clear Hdr bits that don't apply to Seg ACK */
- hdr &= ~((true << SEG_HDR_SHIFT) |
+ hdr &= ~(((uint32_t) 0x01 << SEG_HDR_SHIFT) |
(OPCODE_MASK << OPCODE_HDR_SHIFT) |
- (true << SZMIC_HDR_SHIFT) |
+ ((uint32_t) 0x01 << SZMIC_HDR_SHIFT) |
(SEG_MASK << SEGO_HDR_SHIFT) |
(SEG_MASK << SEGN_HDR_SHIFT));
hdr |= NET_OP_SEG_ACKNOWLEDGE << OPCODE_HDR_SHIFT;
- hdr |= true << RELAY_HDR_SHIFT;
+ hdr |= (uint32_t) 0x01 << RELAY_HDR_SHIFT;
/* Clear all unexpected bits */
flags &= expected;
@@ -1454,7 +1454,7 @@ static void send_net_ack(struct mesh_net *net, struct mesh_sar *sar,
hdr |= sar->seqZero << SEQ_ZERO_HDR_SHIFT;
if (is_lpn_friend(net, src))
- hdr |= true << RELAY_HDR_SHIFT;
+ hdr |= (uint32_t) 0x01 << RELAY_HDR_SHIFT;
l_put_be32(hdr, msg);
l_put_be32(flags, msg + 3);
@@ -1726,7 +1726,7 @@ static bool msg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
}
if (szmic || size > 15) {
- hdr |= true << SEG_HDR_SHIFT;
+ hdr |= (uint32_t) 0x01 << SEG_HDR_SHIFT;
hdr |= szmic << SZMIC_HDR_SHIFT;
hdr |= (seqZero & SEQ_ZERO_MASK) << SEQ_ZERO_HDR_SHIFT;
hdr |= SEG_MAX(true, size) << SEGN_HDR_SHIFT;
diff --git a/mesh/net.h b/mesh/net.h
index 1c2b5e7c6..0bacbbbbf 100644
--- a/mesh/net.h
+++ b/mesh/net.h
@@ -37,7 +37,7 @@ struct mesh_node;
#define SEGMENTED 0x80
#define UNSEGMENTED 0x00
#define SEG_HDR_SHIFT 31
-#define IS_SEGMENTED(hdr) (!!((hdr) & (true << SEG_HDR_SHIFT)))
+#define IS_SEGMENTED(hdr) (!!((hdr) & ((uint32_t) 0x1 << SEG_HDR_SHIFT)))
#define KEY_ID_MASK 0x7f
#define KEY_AID_MASK 0x3f
@@ -45,7 +45,7 @@ struct mesh_node;
#define KEY_AID_SHIFT 0
#define AKF_HDR_SHIFT 30
#define KEY_HDR_SHIFT 24
-#define HAS_APP_KEY(hdr) (!!((hdr) & (true << AKF_HDR_SHIFT)))
+#define HAS_APP_KEY(hdr) (!!((hdr) & ((uint32_t) 0x1 << AKF_HDR_SHIFT)))
#define OPCODE_MASK 0x7f
#define OPCODE_HDR_SHIFT 24
@@ -55,8 +55,8 @@ struct mesh_node;
#define SZMIC_HDR_SHIFT 23
#define SEQ_ZERO_MASK 0x1fff
#define SEQ_ZERO_HDR_SHIFT 10
-#define IS_RELAYED(hdr) (!!((hdr) & (true << RELAY_HDR_SHIFT)))
-#define HAS_MIC64(hdr) (!!((hdr) & (true << SZMIC_HDR_SHIFT)))
+#define IS_RELAYED(hdr) (!!((hdr) & ((uint32_t) 0x1 << RELAY_HDR_SHIFT)))
+#define HAS_MIC64(hdr) (!!((hdr) & ((uint32_t) 0x1 << SZMIC_HDR_SHIFT)))
#define SEG_MASK 0x1f
#define SEGO_HDR_SHIFT 5
--
2.35.1
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Brian Gix <[email protected]>:
On Wed, 30 Mar 2022 14:17:47 -0700 you wrote:
> This addresses a situation when a boolean type is represented by
> an integer and performing a left shift on a boolean causes
> an integer overflow.
>
> This fixes the following runtime error:
> "left shift of 1 by 31 places cannot be represented in type 'int'"
>
> [...]
Here is the summary with links:
- [BlueZ] mesh: use explicit uint32_t when bit shifting left
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=ff35b1d2e97e
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html