shim/backport-Add-primitives-for-overflow-checked-arithmetic-opera.patch

From f27182695d88350b48c8b9a6dce54bb513d7aa4e Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 27 Jul 2023 15:13:08 -0400
Subject: [PATCH] Add primitives for overflow-checked arithmetic operations.

We need to do arithmetic on untrusted values sometimes, so this patch
adds the following primitives as macros that wrap the compiler builtins.

  bool checked_add(TYPE addend0, TYPE addend1, TYPE *sum)
  bool checked_sub(TYPE minuend, TYPE subtrahend, TYPE *difference)
  bool checked_mul(TYPE factor0, TYPE factor1, TYPE *product)

And also the following primitive which returns True if divisor is 0 and
False otherwise:

  bool checked_div(TYPE dividend, TYPE divisor, TYPE *quotient)

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 include/compiler.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/include/compiler.h b/include/compiler.h
index b0d595f..545a72e 100644
--- a/include/compiler.h
+++ b/include/compiler.h
@@ -198,5 +198,21 @@
 #error shim has no cache_invalidate() implementation for this compiler
 #endif /* __GNUC__ */
 
+#define checked_add(addend0, addend1, sum) \
+	__builtin_add_overflow(addend0, addend1, sum)
+#define checked_sub(minuend, subtrahend, difference) \
+	__builtin_sub_overflow(minuend, subtrahend, difference)
+#define checked_mul(factor0, factor1, product) \
+	__builtin_mul_overflow(factor0, factor1, product)
+#define checked_div(dividend, divisor, quotient)                \
+        ({                                                      \
+                bool _ret = True;                               \
+                if ((divisor) != 0) {                           \
+                        _ret = False;                           \
+                        (quotient) = (dividend) / (divisor);    \
+                }                                               \
+                _ret;                                           \
+        })
+
 #endif /* !COMPILER_H_ */
 // vim:fenc=utf-8:tw=75:et
-- 
2.33.0
fix CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 2024-01-25 10:28:55 +08:00			`From f27182695d88350b48c8b9a6dce54bb513d7aa4e Mon Sep 17 00:00:00 2001`
			`From: Peter Jones <pjones@redhat.com>`
			`Date: Thu, 27 Jul 2023 15:13:08 -0400`
			`Subject: [PATCH] Add primitives for overflow-checked arithmetic operations.`

			`We need to do arithmetic on untrusted values sometimes, so this patch`
			`adds the following primitives as macros that wrap the compiler builtins.`

			`bool checked_add(TYPE addend0, TYPE addend1, TYPE *sum)`
			`bool checked_sub(TYPE minuend, TYPE subtrahend, TYPE *difference)`
			`bool checked_mul(TYPE factor0, TYPE factor1, TYPE *product)`

			`And also the following primitive which returns True if divisor is 0 and`
			`False otherwise:`

			`bool checked_div(TYPE dividend, TYPE divisor, TYPE *quotient)`

			`Signed-off-by: Peter Jones <pjones@redhat.com>`
			`---`
			`include/compiler.h \| 16 ++++++++++++++++`
			`1 file changed, 16 insertions(+)`

			`diff --git a/include/compiler.h b/include/compiler.h`
			`index b0d595f..545a72e 100644`
			`--- a/include/compiler.h`
			`+++ b/include/compiler.h`
			`@@ -198,5 +198,21 @@`
			`#error shim has no cache_invalidate() implementation for this compiler`
			`#endif /* __GNUC__ */`

			`+#define checked_add(addend0, addend1, sum) \`
			`+ __builtin_add_overflow(addend0, addend1, sum)`
			`+#define checked_sub(minuend, subtrahend, difference) \`
			`+ __builtin_sub_overflow(minuend, subtrahend, difference)`
			`+#define checked_mul(factor0, factor1, product) \`
			`+ __builtin_mul_overflow(factor0, factor1, product)`
			`+#define checked_div(dividend, divisor, quotient) \`
			`+ ({ \`
			`+ bool _ret = True; \`
			`+ if ((divisor) != 0) { \`
			`+ _ret = False; \`
			`+ (quotient) = (dividend) / (divisor); \`
			`+ } \`
			`+ _ret; \`
			`+ })`
			`+`
			`#endif /* !COMPILER_H_ */`
			`// vim:fenc=utf-8:tw=75:et`
			`--`
			`2.33.0`