From 002b6b1ce05c2810cb858188b29aafe785bbc01a Mon Sep 17 00:00:00 2001
From: James Zern
Date: Wed, 17 Aug 2022 19:20:25 -0700
Subject: [PATCH] compiler_attributes.h: add VPX_NO_UNSIGNED_SHIFT_CHECK and use it on MD5Transform(); this behavior is well defined and is only a warning with -fsanitize=integer, not -fsanitize=undefined. quiets warnings of the form: md5_utils.c:163:3: runtime error: left shift of 143704723 by 7 places cannot be represented in type 'unsigned int' Bug: b/229626362 Change-Id: I60a384b2c2556f5ce71ad8ebce050329aba0b4e4
---
 md5_utils.c | 4 ++--
 vpx_ports/compiler_attributes.h | 12 +++++++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/md5_utils.c b/md5_utils.c
index c4106525f..abd8d43c3 100644
--- a/md5_utils.c
+++ b/md5_utils.c
@@ -151,8 +151,8 @@ void MD5Final(md5byte digest[16], struct MD5Context *ctx) {
 * reflect the addition of 16 longwords of new data. MD5Update blocks
 * the data and converts bytes into longwords for this routine.
 */
-VPX_NO_UNSIGNED_OVERFLOW_CHECK void MD5Transform(UWORD32 buf[4],
- UWORD32 const in[16]) {
+VPX_NO_UNSIGNED_OVERFLOW_CHECK VPX_NO_UNSIGNED_SHIFT_CHECK void MD5Transform(
+ UWORD32 buf[4], UWORD32 const in[16]) {
 UWORD32 a, b, c, d;
 a = buf[0];
diff --git a/vpx_ports/compiler_attributes.h b/vpx_ports/compiler_attributes.h
index 354352016..4b468749b 100644
--- a/vpx_ports/compiler_attributes.h
+++ b/vpx_ports/compiler_attributes.h
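Review bot: In md5_utils.c the two sanitizer-suppression macros on `MD5Transform()` apply to the whole function, and nothing at the definition says why they are there; the reason is recorded only in the commit description. A sentence added to the block comment above the signature would keep the suppression from being copied elsewhere without review, for example `* The round steps shift 32-bit words left and discard the high bits on purpose; -fsanitize=integer reports this, -fsanitize=undefined does not.` The wording about the round steps is inferred from the sanitizer message quoted in the description, because the body of `MD5Transform()` continues past the end of this hunk and should be checked against it.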
@@ -29,13 +29,23 @@
 #endif // __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
 #if defined(__clang__) && __has_attribute(no_sanitize)
+// Both of these have defined behavior and are used in certain operations or
+// optimizations thereof. There are cases where an overflow may be unintended,
+// however, so use of these attributes should be done with care.
 #define VPX_NO_UNSIGNED_OVERFLOW_CHECK \
 __attribute__((no_sanitize("unsigned-integer-overflow")))
-#endif
+#if __clang_major__ >= 12
+#define VPX_NO_UNSIGNED_SHIFT_CHECK \
+ __attribute__((no_sanitize("unsigned-shift-base")))
+#endif // __clang__ >= 12
+#endif // __clang__
 #ifndef VPX_NO_UNSIGNED_OVERFLOW_CHECK
 #define VPX_NO_UNSIGNED_OVERFLOW_CHECK
 #endif
+#ifndef VPX_NO_UNSIGNED_SHIFT_CHECK
+#define VPX_NO_UNSIGNED_SHIFT_CHECK
+#endif
 //------------------------------------------------------------------------------
 // Variable attributes.
-- 2.49.0
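Review bot: The `#if __clang_major__ >= 12` guard around `VPX_NO_UNSIGNED_SHIFT_CHECK` assumes upstream clang version numbers, but Apple's clang numbers its releases independently, so the test may pass on a toolchain that does not yet know `unsigned-shift-base` and would then warn about an unknown sanitizer name. Consider excluding that vendor or giving it its own threshold, e.g. `#if __clang_major__ >= 12 && !defined(__apple_build_version__)`, so such a toolchain falls through to the empty definition added further down. The two new closing comments also name a different macro than the conditions they close: `#endif // __clang__ >= 12` ends a `__clang_major__` test and `#endif // __clang__` ends `defined(__clang__) && __has_attribute(no_sanitize)`; `#endif // __clang_major__ >= 12` and `#endif // __clang__ && __has_attribute(no_sanitize)` would match.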