From 98576e13197e200a9e1be4a3e00f4cf9488dafc2 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Fri, 28 Feb 2020 11:51:51 +0100 Subject: [PATCH] Prevent signed integer overflow in LOC record conversion Reported by UBSan: sillyrecords.cc:301:42: runtime error: signed integer overflow: 2031844648 - -2147483648 cannot be represented in type 'int' #0 0x55ab56ff5fbd in LOCRecordContent::getZoneRepresentation(bool) const /home/travis/build/rgacogne/pdns/pdns/recursordist/pdns-recursor-0.0.0.0.HEAD.ge217873f32.dirty/sillyrecords.cc:301:42 #1 0x55ab571da021 in test_dnsrecords_cc::test_record_types::test_method() /home/travis/build/rgacogne/pdns/pdns/recursordist/pdns-recursor-0.0.0.0.HEAD.ge217873f32.dirty/test-dnsrecords_cc.cc:232:11 #2 0x55ab571c9a4a in test_dnsrecords_cc::test_record_types_invoker() /home/travis/build/rgacogne/pdns/pdns/recursordist/pdns-recursor-0.0.0.0.HEAD.ge217873f32.dirty/test-dnsrecords_cc.cc:42:1 #3 0x55ab57136125 in boost::unit_test::ut_detail::callback0_impl_t::invoke() /usr/include/boost/test/utils/callback.hpp:89:46 #4 0x2b0b90cfa1f0 (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x681f0) #5 0x2b0b90cd5545 in boost::execution_monitor::catch_signals(boost::unit_test::callback0 const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x43545) #6 0x2b0b90cd5d82 in boost::execution_monitor::execute(boost::unit_test::callback0 const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x43d82) #7 0x2b0b90cfa2f1 in boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::unit_test::test_case const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x682f1) #8 0x2b0b90ce3f93 in boost::unit_test::framework_impl::visit(boost::unit_test::test_case const&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x51f93) #9 0x2b0b90d12d22 in boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, boost::unit_test::test_tree_visitor&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x80d22) #10 0x2b0b90d12d22 in boost::unit_test::traverse_test_tree(boost::unit_test::test_suite const&, boost::unit_test::test_tree_visitor&) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x80d22) #11 0x2b0b90cdf4b9 in boost::unit_test::framework::run(unsigned long, bool) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x4d4b9) #12 0x2b0b90cf7ed3 in boost::unit_test::unit_test_main(bool (*)(), int, char**) (/usr/lib/x86_64-linux-gnu/libboost_unit_test_framework.so.1.54.0+0x65ed3) #13 0x2b0b92d59f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #14 0x55ab56b37961 in _start (/home/travis/build/rgacogne/pdns/pdns/recursordist/pdns-recursor-0.0.0.0.HEAD.ge217873f32.dirty/testrunner+0x1bc3961) --- pdns/sillyrecords.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pdns/sillyrecords.cc b/pdns/sillyrecords.cc index 334e3e19900a..acb42cb5d33f 100644 --- a/pdns/sillyrecords.cc +++ b/pdns/sillyrecords.cc @@ -298,8 +298,8 @@ string LOCRecordContent::getZoneRepresentation(bool noDot) const // convert d_version, d_size, d_horiz/vertpre, d_latitude, d_longitude, d_altitude to: // 51 59 00.000 N 5 55 00.000 E 4.00m 1.00m 10000.00m 10.00m - double latitude= ((int32_t)d_latitude - (1<<31))/3600000.0; - double longitude=((int32_t)d_longitude - (1<<31))/3600000.0; + double latitude= ((int32_t)((uint32_t)d_latitude - ((uint32_t)1<<31)))/3600000.0; + double longitude=((int32_t)((uint32_t)d_longitude - ((uint32_t)1<<31)))/3600000.0; double altitude= ((int32_t)d_altitude )/100.0 - 100000; double size=0.01*((d_size>>4)&0xf);