On 13.08.2024 17:16, Andrew Cooper wrote:
> On 13/08/2024 2:19 pm, Andrew Cooper wrote:
>> On 13/08/2024 1:43 pm, Jan Beulich wrote:
>>> The conversion of the shifts to multiplications by the commits tagged
>>> below still wasn't quite right: The multiplications (of signed values)
>>> can overflow, too. As of 298556c7b5f8 ("x86emul: correct 32-bit address
>>> handling for AVX2 gathers") signed multiplication wasn't necessary
>>> anymore, though: The necessary sign-extension (if any) will happen as
>>> well when using intermediate variables of unsigned long types, and
>>> excess address bits are chopped off by truncate_ea().
>>>
>>> Fixes: b6a907f8c83d ("x86emul: replace UB shifts")
>>> Fixes: 21de9680eb59 ("x86emul: replace further UB shifts")
>>> Oss-fuzz: 71138
> 
> It's too late on this one, but it occurs to me that we probably want
> 
> Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71138
> 
> rather than an abstract Oss-fuzz number.  The bugtracker entry becomes
> public after 90d or when ClusterFuzz thinks we've fixed the bug, and the
> full link will be more useful to anyone interested.

I can try to remember doing so going forward. Let me adjust the one that's
still pending right away.

Jan
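The point of the quoted commit message, as an added example that is not Xen's x86emul code: computing a gather element's address with unsigned long intermediates, so sign extension of a 32-bit index still happens, signed-overflow UB is avoided, and excess bits are dropped afterwards. It assumes an LP64 target (64-bit unsigned long), and truncate_ea() here is a hypothetical stand-in for the emulator's helper, not its real implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not Xen's own code. Models the effective address of one
 * gather element: ea = base + index * scale. The index is a signed 32- or
 * 64-bit vector element, scale is 1, 2, 4 or 8, and ad_bytes is the
 * address size in use (4 or 8). Assumes LP64, i.e. 64-bit unsigned long. */

/* Hypothetical stand-in for x86emul's truncate_ea(): keep only the bits
 * that fit the current address size. */
static unsigned long truncate_ea(unsigned long ea, unsigned int ad_bytes)
{
    return ad_bytes == 8 ? ea : ea & ((1UL << (ad_bytes * 8)) - 1);
}

/* All arithmetic happens in unsigned long, where wraparound is defined.
 * A 64-bit signed index converts to unsigned long with its sign bits
 * intact, so a negative index still subtracts from base modulo 2^64. */
unsigned long gather_ea(unsigned long base, int64_t index, unsigned int scale,
                        unsigned int ad_bytes)
{
    unsigned long idx = (unsigned long)index; /* defined conversion, no UB */
    return truncate_ea(base + idx * scale, ad_bytes);
}

/* Dword index: the sign extension to 64 bits happens in the int32_t to
 * int64_t conversion before any multiplication takes place. */
unsigned long gather_ea32(unsigned long base, int32_t index, unsigned int scale,
                          unsigned int ad_bytes)
{
    return gather_ea(base, (int64_t)index, scale, ad_bytes);
}

int main(void)
{
    /* -16 * 8 = -128 below base, in both 64- and 32-bit addressing. */
    printf("%#lx\n", gather_ea32(0x1000, -16, 8, 8));         /* 0xf80 */
    printf("%#lx\n", gather_ea32(0x1000, -16, 8, 4));         /* 0xf80 */
    /* 32-bit addressing: the carry out of bit 31 is chopped off. */
    printf("%#lx\n", gather_ea32(0xfffffff0UL, 32, 1, 4));    /* 0x10 */
    /* INT64_MIN * 8 would overflow a signed long; unsigned wraps to 0. */
    printf("%#lx\n", gather_ea(0x1000, INT64_MIN, 8, 8));     /* 0x1000 */
    return 0;
}
```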
