Changeset 103066 in vbox for trunk/src/VBox/Runtime

Timestamp:

Jan 25, 2024 3:03:18 PM (10 months ago)

Author:

vboxsync

Message:

iprt: Prevent array-index-out-of-bounds UBSAN warnings on Linux, bugref:10585.

Location:

trunk/src/VBox/Runtime

Files:

• common/log/log.cpp (modified) (4 diffs)
• r0drv/linux/memobj-r0drv-linux.c (modified) (3 diffs)

trunk/src/VBox/Runtime/common/log/log.cpp

@@ -549 +549 @@
         uint16_t const iGroup = RT_HI_U16(fFlagsAndGroup);
         if (   iGroup != UINT16_MAX
-            && (   (pLoggerInt->afGroups[iGroup < pLoggerInt->cGroups ? iGroup : 0] & (fFlags | RTLOGGRPFLAGS_ENABLED))
+            && (   (*(pLoggerInt->afGroups + (iGroup < pLoggerInt->cGroups ? iGroup : 0)) & (fFlags | RTLOGGRPFLAGS_ENABLED))
                 != (fFlags | RTLOGGRPFLAGS_ENABLED)))
             pLoggerInt = NULL;
@@ -1556 +1556 @@
     iGroup = pLoggerInt->cGroups;
     while (iGroup-- > 0)
-        pLoggerInt->afGroups[iGroup] = 0;
+        *(pLoggerInt->afGroups + iGroup) = 0;
 
     /*
@@ -1789 +1789 @@
             {
                 if (fEnabled)
-                    pLoggerInt->afGroups[i] |= fFlags;
+                    *(pLoggerInt->afGroups + i) |= fFlags;
                 else
-                    pLoggerInt->afGroups[i] &= ~fFlags;
+                    *(pLoggerInt->afGroups + i) &= ~fFlags;
             }
         }
@@ -4159 +4159 @@
         return VINF_LOG_DISABLED;
     if (    iGroup != ~0U
-        &&  (pLoggerInt->afGroups[iGroup] & (fFlags | RTLOGGRPFLAGS_ENABLED)) != (fFlags | RTLOGGRPFLAGS_ENABLED))
+        &&  (*(pLoggerInt->afGroups + iGroup) & (fFlags | RTLOGGRPFLAGS_ENABLED)) != (fFlags | RTLOGGRPFLAGS_ENABLED))
         return VINF_LOG_DISABLED;
 

trunk/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c

@@ -426 +426 @@
             fContiguous = true;
             for (iPage = 0; iPage < cPages; iPage++)
-                pMemLnx->apPages[iPage] = &paPages[iPage];
+                *(pMemLnx->apPages + iPage) = &paPages[iPage];
         }
         else if (fContiguous)
@@ -442 +442 @@
         for (iPage = 0; iPage < cPages; iPage++)
         {
-            pMemLnx->apPages[iPage] = alloc_page(fFlagsLnx | __GFP_NOWARN);
-            if (RT_UNLIKELY(!pMemLnx->apPages[iPage]))
+            *(pMemLnx->apPages + iPage) = alloc_page(fFlagsLnx | __GFP_NOWARN);
+            if (RT_UNLIKELY(!*(pMemLnx->apPages + iPage)))
             {
                 while (iPage-- > 0)
-                    __free_page(pMemLnx->apPages[iPage]);
+                    __free_page(*(pMemLnx->apPages + iPage));
                 rtR0MemObjDelete(&pMemLnx->Core);
                 return rcNoMem;
@@ -623 +623 @@
         size_t iPage = pMemLnx->cPages;
         while (iPage-- > 0)
-            if (PageHighMem(pMemLnx->apPages[iPage]))
+            if (PageHighMem(*(pMemLnx->apPages + iPage)))
             {
                 fMustMap = true;