* [PATCH 0/2] Correct l_uintset_isempty() logic
@ 2019-09-16 20:36 Ossama Othman
2019-09-16 20:36 ` [PATCH 1/2] unit: Add l_uintset_isempty() test Ossama Othman
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Ossama Othman @ 2019-09-16 20:36 UTC (permalink / raw
To: ell
[-- Attachment #1: Type: text/plain, Size: 568 bytes --]
The loop iteration over the 'bits' array in l_uintset_isempty()
exceeded the maximum offset for the given l_uintset, resulting in
out-of-bounds bits being considered for emptiness. Add a test that
demonstrates the problem, and correct the maximum offset when
iterating over the l_uintset 'bits' field.
Ossama Othman (2):
unit: Add l_uintset_isempty() test
uintset: Do not exceed max offset in empty check
ell/uintset.c | 5 ++++-
unit/test-uintset.c | 17 +++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
--
2.20.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] unit: Add l_uintset_isempty() test
2019-09-16 20:36 [PATCH 0/2] Correct l_uintset_isempty() logic Ossama Othman
@ 2019-09-16 20:36 ` Ossama Othman
2019-09-16 20:36 ` [PATCH 2/2] uintset: Do not exceed max offset in empty check Ossama Othman
2019-09-16 20:43 ` [PATCH 0/2] Correct l_uintset_isempty() logic Denis Kenzior
2 siblings, 0 replies; 4+ messages in thread
From: Ossama Othman @ 2019-09-16 20:36 UTC (permalink / raw
To: ell
[-- Attachment #1: Type: text/plain, Size: 1084 bytes --]
---
unit/test-uintset.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/unit/test-uintset.c b/unit/test-uintset.c
index 99888b3..3c9790e 100644
--- a/unit/test-uintset.c
+++ b/unit/test-uintset.c
@@ -347,6 +347,22 @@ static void test_uintset_intersect_test(const void *user_data)
l_uintset_free(set_r);
}
+static void test_uintset_isempty(const void *user_data)
+{
+ struct l_uintset *a = NULL;
+ struct l_uintset *b = l_uintset_new(32);
+ struct l_uintset *c = l_uintset_new(32);
+
+ assert(l_uintset_put(c, 10));
+
+ assert(l_uintset_isempty(a));
+ assert(l_uintset_isempty(b));
+ assert(!l_uintset_isempty(c));
+
+ l_uintset_free(c);
+ l_uintset_free(b);
+}
+
int main(int argc, char *argv[])
{
l_test_init(&argc, &argv);
@@ -364,6 +380,7 @@ int main(int argc, char *argv[])
&intersect_data_1);
l_test_add("l_uintset intersect test 2", test_uintset_intersect_test,
&intersect_data_2);
+ l_test_add("l_uintset isempty", test_uintset_isempty, NULL);
return l_test_run();
}
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] uintset: Do not exceed max offset in empty check
2019-09-16 20:36 [PATCH 0/2] Correct l_uintset_isempty() logic Ossama Othman
2019-09-16 20:36 ` [PATCH 1/2] unit: Add l_uintset_isempty() test Ossama Othman
@ 2019-09-16 20:36 ` Ossama Othman
2019-09-16 20:43 ` [PATCH 0/2] Correct l_uintset_isempty() logic Denis Kenzior
2 siblings, 0 replies; 4+ messages in thread
From: Ossama Othman @ 2019-09-16 20:36 UTC (permalink / raw
To: ell
[-- Attachment #1: Type: text/plain, Size: 745 bytes --]
Do not exceed the maximum l_uintset bits offset when checking if the
set is empty.
---
ell/uintset.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ell/uintset.c b/ell/uintset.c
index 50119a0..b88e28e 100644
--- a/ell/uintset.c
+++ b/ell/uintset.c
@@ -516,11 +516,14 @@ LIB_EXPORT struct l_uintset *l_uintset_intersect(const struct l_uintset *set_a,
LIB_EXPORT bool l_uintset_isempty(const struct l_uintset *set)
{
uint16_t i;
+ uint32_t offset_max;
if (unlikely(!set))
return true;
- for (i = 0; i < set->size; i++) {
+ offset_max = (set->size + BITS_PER_LONG - 1) / BITS_PER_LONG;
+
+ for (i = 0; i < offset_max; i++) {
if (set->bits[i])
return false;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] Correct l_uintset_isempty() logic
2019-09-16 20:36 [PATCH 0/2] Correct l_uintset_isempty() logic Ossama Othman
2019-09-16 20:36 ` [PATCH 1/2] unit: Add l_uintset_isempty() test Ossama Othman
2019-09-16 20:36 ` [PATCH 2/2] uintset: Do not exceed max offset in empty check Ossama Othman
@ 2019-09-16 20:43 ` Denis Kenzior
2 siblings, 0 replies; 4+ messages in thread
From: Denis Kenzior @ 2019-09-16 20:43 UTC (permalink / raw
To: ell
[-- Attachment #1: Type: text/plain, Size: 691 bytes --]
Hi Ossama,
On 9/16/19 3:36 PM, Ossama Othman wrote:
> The loop iteration over the 'bits' array in l_uintset_isempty()
> exceeded the maximum offset for the given l_uintset, resulting in
> out-of-bounds bits being considered for emptiness. Add a test that
> demonstrates the problem, and correct the maximum offset when
> iterating over the l_uintset 'bits' field.
>
> Ossama Othman (2):
> unit: Add l_uintset_isempty() test
> uintset: Do not exceed max offset in empty check
>
> ell/uintset.c | 5 ++++-
> unit/test-uintset.c | 17 +++++++++++++++++
> 2 files changed, 21 insertions(+), 1 deletion(-)
>
Nice catch, both applied.
Regards,
-Denis
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-09-16 20:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-16 20:36 [PATCH 0/2] Correct l_uintset_isempty() logic Ossama Othman
2019-09-16 20:36 ` [PATCH 1/2] unit: Add l_uintset_isempty() test Ossama Othman
2019-09-16 20:36 ` [PATCH 2/2] uintset: Do not exceed max offset in empty check Ossama Othman
2019-09-16 20:43 ` [PATCH 0/2] Correct l_uintset_isempty() logic Denis Kenzior
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.