
libsepol: avoid unsigned integer overflow

Message ID 20210701183430.145934-1-cgzones@googlemail.com (mailing list archive)
State Superseded

Commit Message

Christian Göttsche July 1, 2021, 6:34 p.m. UTC
Unsigned integer overflow is well-defined and not undefined behavior.
But it is still useful to enable undefined behavior sanitizer checks on
unsigned arithmetic to detect possible issues on counters or variables
with similar purpose.

Use a spaceship operator like comparison instead of subtraction.

Modern compilers will generate a single comparison instruction instead
of actually performing the subtraction.

    policydb.c:851:24: runtime error: unsigned integer overflow: 801 - 929 cannot be represented in type 'unsigned int'

This is similar to 1537ea84.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/policydb.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Patch

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index ef2217c2..8865a2eb 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -843,15 +843,15 @@  static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
 	const struct range_trans *key2 = (const struct range_trans *)k2;
 	int v;
 
-	v = key1->source_type - key2->source_type;
+	v = (key1->source_type > key2->source_type) - (key1->source_type < key2->source_type);
 	if (v)
 		return v;
 
-	v = key1->target_type - key2->target_type;
+	v = (key1->target_type > key2->target_type) - (key1->target_type < key2->target_type);
 	if (v)
 		return v;
 
-	v = key1->target_class - key2->target_class;
+	v = (key1->target_class > key2->target_class) - (key1->target_class > key2->target_class);
 
 	return v;
 }
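Review bot: the third replacement in this hunk is wrong: `v = (key1->target_class > key2->target_class) - (key1->target_class > key2->target_class);` uses `>` in both operands, so the two terms are always equal and `v` is always 0. The function therefore never distinguishes keys that differ only in `target_class`, whereas the original `key1->target_class - key2->target_class` did. The second operand should use `<`, matching the `source_type` and `target_type` lines above it: `v = (key1->target_class > key2->target_class) - (key1->target_class < key2->target_class);`.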