diff options
| author | Ian Jackson <ian.jackson@eu.citrix.com> | 2013-06-14 16:39:36 +0100 |
|---|---|---|
| committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2013-06-14 16:39:36 +0100 |
| commit | 7a549a6aa04dba807f8dd4c1577ab6a7592c4c76 (patch) | |
| tree | 6958cff3e5eb8b755805f327cfc8d56052af2efa /tools/libxc | |
| parent | c84481fbc7de7d15ff7476b3b9cd2713f81feaa3 (diff) | |
| download | xen-7a549a6aa04dba807f8dd4c1577ab6a7592c4c76.tar.gz xen-7a549a6aa04dba807f8dd4c1577ab6a7592c4c76.tar.bz2 xen-7a549a6aa04dba807f8dd4c1577ab6a7592c4c76.zip | |
libelf: use C99 bool for booleans
We want to remove uses of "int" because signed integers have
undesirable undefined behaviours on overflow. Malicious compilers can
turn apparently-correct code into code with security vulnerabilities
etc.
In this patch we change all the booleans in libelf to C99 bool,
from <stdbool.h>.
For the one visible libelf boolean in libxc's public interface we
retain the use of int to avoid changing the ABI; libxc converts it to
a bool for consumption by libelf.
It is OK to change all values only ever used as booleans to _Bool
(bool) because conversion from any scalar type to a _Bool works the
same as the boolean test in if() or ?: and is always defined (C99
6.3.1.2). But we do need to check that all these variables really are
only ever used that way. (It is theoretically possible that the old
code truncated some 64-bit values to 32-bit ints which might become
zero depending on the value, which would mean a behavioural change in
this patch, but it seems implausible that treating 0x????????00000000
as false could have been intended.)
This is part of the fix to a security issue, XSA-55.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
v3: Use <stdbool.h>'s bool (or _Bool) instead of defining elf_bool.
Split this into a separate patch.
Diffstat (limited to 'tools/libxc')
| -rw-r--r-- | tools/libxc/xc_dom_elfloader.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/tools/libxc/xc_dom_elfloader.c b/tools/libxc/xc_dom_elfloader.c index a0d39b31ae..8f9c2fbb3b 100644 --- a/tools/libxc/xc_dom_elfloader.c +++ b/tools/libxc/xc_dom_elfloader.c @@ -34,7 +34,7 @@ /* ------------------------------------------------------------------------ */ static void log_callback(struct elf_binary *elf, void *caller_data, - int iserr, const char *fmt, va_list al) { + bool iserr, const char *fmt, va_list al) { xc_interface *xch = caller_data; xc_reportv(xch, @@ -46,7 +46,7 @@ static void log_callback(struct elf_binary *elf, void *caller_data, void xc_elf_set_logfile(xc_interface *xch, struct elf_binary *elf, int verbose) { - elf_set_log(elf, log_callback, xch, verbose); + elf_set_log(elf, log_callback, xch, verbose /* convert to bool */); } /* ------------------------------------------------------------------------ */ @@ -82,7 +82,7 @@ static char *xc_dom_guest_type(struct xc_dom_image *dom, /* ------------------------------------------------------------------------ */ /* parse elf binary */ -static int check_elf_kernel(struct xc_dom_image *dom, int verbose) +static int check_elf_kernel(struct xc_dom_image *dom, bool verbose) { if ( dom->kernel_blob == NULL ) { @@ -110,7 +110,7 @@ static int xc_dom_probe_elf_kernel(struct xc_dom_image *dom) } static int xc_dom_load_elf_symtab(struct xc_dom_image *dom, - struct elf_binary *elf, int load) + struct elf_binary *elf, bool load) { struct elf_binary syms; ELF_HANDLE_DECL_NONCONST(elf_shdr) shdr; ELF_HANDLE_DECL(elf_shdr) shdr2; |