libsepol: Fix potential undefined shifts

An expression of the form "1 << x" is undefined if x == 31 because the "1" is an int and cannot be left shifted by 31. Instead, use "UINT32_C(1) << x" which will be an unsigned int of at least 32 bits. Signed-off-by: James Carter <jwcart2@gmail.com>
2025-01-20 12:30:45 +00:00 · 2021-10-08 16:12:24 -04:00 · 2021-10-08 16:12:24 -04:00 · 14197e613c
commit 14197e613c
parent 5319c49d8a
5 changed files with 10 additions and 10 deletions
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@ -376,7 +376,7 @@ int avtab_alloc(avtab_t *h, uint32_t nrules)
 	}
 	if (shift > 2)
 		shift = shift - 2;
-	nslot = 1 << shift;
+	nslot = UINT32_C(1) << shift;
 	if (nslot > MAX_AVTAB_HASH_BUCKETS)
 		nslot = MAX_AVTAB_HASH_BUCKETS;
 	mask = nslot - 1;
--- a/libsepol/src/conditional.c
+++ b/libsepol/src/conditional.c
@ -411,13 +411,13 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
 		}

 		/* loop through all possible combinations of values for bools in expression */
-		for (test = 0x0; test < (0x1U << cn->nbools); test++) {
+		for (test = 0x0; test < (UINT32_C(1) << cn->nbools); test++) {
 			/* temporarily set the value for all the bools in the
 			 * expression using the corr.  bit in test */
 			for (j = 0; j < cn->nbools; j++) {
 				p->bool_val_to_struct[cn->bool_ids[j] -
 						      1]->state =
-				    (test & (0x1 << j)) ? 1 : 0;
+				    (test & (UINT32_C(1) << j)) ? 1 : 0;
 			}
 			k = cond_evaluate_expr(p, cn->expr);
 			if (k == -1) {
@ -428,7 +428,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
 			}
 			/* set the bit if expression evaluates true */
 			if (k)
-				cn->expr_pre_comp |= 0x1 << test;
+				cn->expr_pre_comp |= UINT32_C(1) << test;
 		}

 		/* restore bool default values */
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@ -1291,10 +1291,10 @@ static int copy_avrule_list(avrule_t * list, avrule_t ** dst,
 				     i <
 				     module->perm_map_len[cur_perm->tclass - 1];
 				     i++) {
-					if (!(cur_perm->data & (1U << i)))
+					if (!(cur_perm->data & (UINT32_C(1) << i)))
 						continue;
 					new_perm->data |=
-					    (1U <<
+					    (UINT32_C(1) <<
 					     (module->
 					      perm_map[cur_perm->tclass - 1][i] -
 					      1));
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@ -4166,7 +4166,7 @@ static sepol_access_vector_t policydb_string_to_av_perm(
 			hashtab_search(tclass_datum->permissions.table,
 			(hashtab_key_t)perm_name);
 	if (perm_datum != NULL)
-		return 0x1U << (perm_datum->s.value - 1);
+		return UINT32_C(1) << (perm_datum->s.value - 1);

 	if (tclass_datum->comdatum == NULL)
 		return 0;
@ -4176,7 +4176,7 @@ static sepol_access_vector_t policydb_string_to_av_perm(
 			(hashtab_key_t)perm_name);

 	if (perm_datum != NULL)
-		return 0x1U << (perm_datum->s.value - 1);
+		return UINT32_C(1) << (perm_datum->s.value - 1);

 	return 0;
 }
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@ -1213,7 +1213,7 @@ int sepol_string_to_av_perm(sepol_security_class_t tclass,
 			hashtab_search(tclass_datum->permissions.table,
 			perm_name);
 	if (perm_datum != NULL) {
-		*av = 0x1 << (perm_datum->s.value - 1);
+		*av = UINT32_C(1) << (perm_datum->s.value - 1);
 		return STATUS_SUCCESS;
 	}

@ -1225,7 +1225,7 @@ int sepol_string_to_av_perm(sepol_security_class_t tclass,
 			perm_name);

 	if (perm_datum != NULL) {
-		*av = 0x1 << (perm_datum->s.value - 1);
+		*av = UINT32_C(1) << (perm_datum->s.value - 1);
 		return STATUS_SUCCESS;
 	}
 out: