From f7dd7d13bd9863bb74cf064ebdae2f29fb9e06e1 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Fri, 1 Dec 2023 09:14:11 +1000 Subject: [PATCH 1/2] Revert "wcmUSB: Correct bounds check of maximum button number" This fixed the wrong issue, the undefined behavior was caused by (1 << btn) defaulting to int rather than unsigned int. See the follow-up commit for a fix. This reverts commit bf61b3e22b2bb25dc9aed76103488eb7ebc47bb5. --- src/wcmUSB.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/wcmUSB.c b/src/wcmUSB.c index 40649776..b7b3d060 100644 --- a/src/wcmUSB.c +++ b/src/wcmUSB.c @@ -1361,7 +1361,7 @@ mod_buttons(WacomCommonPtr common, unsigned int buttons, unsigned int btn, Bool { unsigned int mask; - if (btn >= sizeof(int) * 8 - 1) + if (btn >= sizeof(int) * 8) { wcmLogCommonSafe(common, W_ERROR, "%s: Invalid button number %u. Insufficient storage\n", @@ -2085,7 +2085,7 @@ static int usbProbeKeys(WacomDevicePtr priv) TEST_CASE(test_mod_buttons) { WacomCommonRec common = {0}; - for (size_t i = 0; i < sizeof(int) * 8 - 1; i++) + for (size_t i = 0; i < sizeof(int) * 8; i++) { unsigned int buttons = mod_buttons(&common, 0, i, 1); assert(buttons == (1u << i)); @@ -2093,7 +2093,6 @@ TEST_CASE(test_mod_buttons) assert(buttons == 0); } - assert(mod_buttons(&common, 0, sizeof(int) * 8 - 1, 1) == 0); assert(mod_buttons(&common, 0, sizeof(int) * 8, 1) == 0); } From aa34048e9afa40751bf2f5be84d3676104568c0e Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Fri, 1 Dec 2023 09:16:21 +1000 Subject: [PATCH 2/2] wcmUSB: fix undefined behavior for bit-shifting Automated test runs have detected the following issue while running UBSan checks: ~~~ ../src/wcmUSB.c:1372:11: runtime error: left shift of 1 by 31 places cannot be represented in type 'int' #0 0x7f0444bcbd8c in mod_buttons ../src/wcmUSB.c:1372 #1 0x7f0444bd7f26 in test_mod_buttons ../src/wcmUSB.c:2090 #2 0x7f0444bfcea7 in wcm_run_tests ../test/wacom-test-suite.c:46 #3 0x56204d77b405 in main ../test/wacom-tests.c:44 #4 0x7f0448625082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #5 0x56204d77b1cd in _start (/home/runner/work/xf86-input-wacom/xf86-input-wacom/builddir/wacom-tests+0x11cd) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/wcmUSB.c:1372:11 in The default type of a literal `1` is `int` and thus a leftshift of 31 is not permitted. Switch it to `1u` and thus `unsigned int` for Button 31 which is the max button we support (if zero-indexed). Link: https://github.com/linuxwacom/xf86-input-wacom/actions/runs/7049012015/job/19186502078 Signed-off-by: Peter Hutterer --- src/wcmUSB.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wcmUSB.c b/src/wcmUSB.c index b7b3d060..33f8b67a 100644 --- a/src/wcmUSB.c +++ b/src/wcmUSB.c @@ -1369,7 +1369,7 @@ mod_buttons(WacomCommonPtr common, unsigned int buttons, unsigned int btn, Bool return buttons; } - mask = 1 << btn; + mask = 1u << btn; if (state) buttons |= mask;