diff options
| author | Ian Jackson <ian.jackson@eu.citrix.com> | 2013-06-14 16:39:36 +0100 |
|---|---|---|
| committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2013-06-14 16:39:36 +0100 |
| commit | 7a549a6aa04dba807f8dd4c1577ab6a7592c4c76 (patch) | |
| tree | 6958cff3e5eb8b755805f327cfc8d56052af2efa /xen/common | |
| parent | c84481fbc7de7d15ff7476b3b9cd2713f81feaa3 (diff) | |
| download | xen-7a549a6aa04dba807f8dd4c1577ab6a7592c4c76.tar.gz xen-7a549a6aa04dba807f8dd4c1577ab6a7592c4c76.tar.bz2 xen-7a549a6aa04dba807f8dd4c1577ab6a7592c4c76.zip | |
libelf: use C99 bool for booleans
We want to remove uses of "int" because signed integers have
undesirable undefined behaviours on overflow. Malicious compilers can
turn apparently-correct code into code with security vulnerabilities
etc.
In this patch we change all the booleans in libelf to C99 bool,
from <stdbool.h>.
For the one visible libelf boolean in libxc's public interface we
retain the use of int to avoid changing the ABI; libxc converts it to
a bool for consumption by libelf.
It is OK to change all values only ever used as booleans to _Bool
(bool) because conversion from any scalar type to a _Bool works the
same as the boolean test in if() or ?: and is always defined (C99
6.3.1.2). But we do need to check that all these variables really are
only ever used that way. (It is theoretically possible that the old
code truncated some 64-bit values to 32-bit ints which might become
zero depending on the value, which would mean a behavioural change in
this patch, but it seems implausible that treating 0x????????00000000
as false could have been intended.)
This is part of the fix to a security issue, XSA-55.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
v3: Use <stdbool.h>'s bool (or _Bool) instead of defining elf_bool.
Split this into a separate patch.
Diffstat (limited to 'xen/common')
| -rw-r--r-- | xen/common/libelf/libelf-dominfo.c | 2 | ||||
| -rw-r--r-- | xen/common/libelf/libelf-loader.c | 4 | ||||
| -rw-r--r-- | xen/common/libelf/libelf-private.h | 2 | ||||
| -rw-r--r-- | xen/common/libelf/libelf-tools.c | 10 |
4 files changed, 9 insertions, 9 deletions
diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c index b9a4e25b3e..c4ced67bbd 100644 --- a/xen/common/libelf/libelf-dominfo.c +++ b/xen/common/libelf/libelf-dominfo.c @@ -101,7 +101,7 @@ int elf_xen_parse_note(struct elf_binary *elf, /* *INDENT-OFF* */ static const struct { char *name; - int str; + bool str; } note_desc[] = { [XEN_ELFNOTE_ENTRY] = { "ENTRY", 0}, [XEN_ELFNOTE_HYPERCALL_PAGE] = { "HYPERCALL_PAGE", 0}, diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c index 6c43c34619..798f88bd54 100644 --- a/xen/common/libelf/libelf-loader.c +++ b/xen/common/libelf/libelf-loader.c @@ -92,7 +92,7 @@ int elf_init(struct elf_binary *elf, const char *image_input, size_t size) } #ifndef __XEN__ -void elf_call_log_callback(struct elf_binary *elf, int iserr, +void elf_call_log_callback(struct elf_binary *elf, bool iserr, const char *fmt,...) { va_list al; @@ -107,7 +107,7 @@ void elf_call_log_callback(struct elf_binary *elf, int iserr, } void elf_set_log(struct elf_binary *elf, elf_log_callback *log_callback, - void *log_caller_data, int verbose) + void *log_caller_data, bool verbose) { elf->log_callback = log_callback; elf->log_caller_data = log_caller_data; diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h index 0bd9e66e52..ea7e197b46 100644 --- a/xen/common/libelf/libelf-private.h +++ b/xen/common/libelf/libelf-private.h @@ -77,7 +77,7 @@ #define elf_err(elf, fmt, args ... ) \ elf_call_log_callback(elf, 1, fmt , ## args ); -void elf_call_log_callback(struct elf_binary*, int iserr, const char *fmt,...); +void elf_call_log_callback(struct elf_binary*, bool iserr, const char *fmt,...); #define safe_strcpy(d,s) \ do { strncpy((d),(s),sizeof((d))-1); \ diff --git a/xen/common/libelf/libelf-tools.c b/xen/common/libelf/libelf-tools.c index b613593786..0b7b2b634c 100644 --- a/xen/common/libelf/libelf-tools.c +++ b/xen/common/libelf/libelf-tools.c @@ -31,7 +31,7 @@ const char *elf_check_broken(const struct elf_binary *elf) return elf->broken; } -static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, +static bool elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, const void *region, uint64_t regionsize) /* * Returns true if the putative memory area [ptrval,ptrval+size> @@ -53,7 +53,7 @@ static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size, return 1; } -int elf_access_ok(struct elf_binary * elf, +bool elf_access_ok(struct elf_binary * elf, uint64_t ptrval, size_t size) { if ( elf_ptrval_in_range(ptrval, size, elf->image_base, elf->size) ) @@ -92,7 +92,7 @@ uint64_t elf_access_unsigned(struct elf_binary * elf, elf_ptrval base, uint64_t moreoffset, size_t size) { elf_ptrval ptrval = base + moreoffset; - int need_swap = elf_swap(elf); + bool need_swap = elf_swap(elf); const uint8_t *u8; const uint16_t *u16; const uint32_t *u32; @@ -332,7 +332,7 @@ ELF_HANDLE_DECL(elf_note) elf_note_next(struct elf_binary *elf, ELF_HANDLE_DECL( /* ------------------------------------------------------------------------ */ -int elf_is_elfbinary(const void *image_start, size_t image_size) +bool elf_is_elfbinary(const void *image_start, size_t image_size) { const Elf32_Ehdr *ehdr = image_start; @@ -342,7 +342,7 @@ int elf_is_elfbinary(const void *image_start, size_t image_size) return IS_ELF(*ehdr); } -int elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) +bool elf_phdr_is_loadable(struct elf_binary *elf, ELF_HANDLE_DECL(elf_phdr) phdr) { uint64_t p_type = elf_uval(elf, phdr, p_type); uint64_t p_flags = elf_uval(elf, phdr, p_flags); |