• Simon McVittie's avatar
    keyring: Avoid undefined out-of-range shift · 70fdc001
    Simon McVittie authored
    Detected with UndefinedBehaviourSanitizer, which will warn on
    about 50% of calls to this function, when s[3] is 128 or more,
    because id is signed, so 128 << 24 is undefined signed overflow.
    All we want here is a random non-negative signed int (in the range 0
    to 2**31-1, with 31 bits varying). The intention seemed to be to
    generate a random unsigned int, cast it to signed, and then negate it
    if negative, but it seems simpler and more obviously correct to just
    make sure the most  significant byte fits in the non-negative range.
    Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
dbus-keyring.c 30.5 KB