Commit ae91aea2 authored by Junhui Pei's avatar Junhui Pei Committed by Kees Cook
Browse files

ubsan: Fix incorrect hand-side used in handle 



__ubsan_handle_divrem_overflow() incorrectly uses the RHS to report.
It always reports the same log: division of -1 by -1. But it should
report division of LHS by -1.

Signed-off-by: default avatarJunhui Pei <paradoxskin233@gmail.com>
Fixes: c6d30853 ("UBSAN: run-time undefined behavior sanity checker")
Link: https://lore.kernel.org/r/20250602153841.62935-1-paradoxskin233@gmail.com


Signed-off-by: default avatarKees Cook <kees@kernel.org>
parent c17b750b

lib/ubsan.c

+3 −3
Original line number Diff line number Diff line
@@ -333,18 +333,18 @@ EXPORT_SYMBOL(__ubsan_handle_implicit_conversion); 
void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)

{

	struct overflow_data *data = _data;

	char rhs_val_str[VALUE_LENGTH];

	char lhs_val_str[VALUE_LENGTH];



	if (suppress_report(&data->location))

		return;



	ubsan_prologue(&data->location, "division-overflow");



	val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs);

	val_to_string(lhs_val_str, sizeof(lhs_val_str), data->type, lhs);



	if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1)

		pr_err("division of %s by -1 cannot be represented in type %s\n",

			rhs_val_str, data->type->type_name);

			lhs_val_str, data->type->type_name);

	else

		pr_err("division by zero\n");