BM: fix undefined behavior and checkpatch warnings in cpuid_check #578

Merged
hongyuni merged 1 commit into main from sync/hotfix-BM-tools-sdl-fix
Jun 25, 2026

@hongyuni

Contributor

Fix extract_bits():

  • Add bounds validation for shift operands to prevent UB (CWE-682, CWE-190)
  • Use unsigned literals (1U, ~0U) to avoid signed shift UB

Replace single-variable sscanf with strtoul/strtol helpers:

  • Add parse_hex() and parse_dec() static functions
  • Replace sscanf("%x") with parse_hex() for hex argument parsing
  • Replace sscanf("%d") with parse_dec() for decimal argument parsing
  • Replace sscanf("%c") with direct character access
  • Replace sscanf("%6s") with snprintf

Found by libFuzzer+UBSan fuzzing campaign and CI checkpatch.

(cherry picked from commit 7311ef7)

Fix extract_bits():
- Add bounds validation for shift operands to prevent UB (CWE-682, CWE-190)
- Use unsigned literals (1U, ~0U) to avoid signed shift UB

Replace single-variable sscanf with strtoul/strtol helpers:
- Add parse_hex() and parse_dec() static functions
- Replace sscanf("%x") with parse_hex() for hex argument parsing
- Replace sscanf("%d") with parse_dec() for decimal argument parsing
- Replace sscanf("%c") with direct character access
- Replace sscanf("%6s") with snprintf

Found by libFuzzer+UBSan fuzzing campaign and CI checkpatch.

Signed-off-by: Farrah Chen <farrah.chen@intel.com>
(cherry picked from commit 7311ef7)
@hongyuni force-pushed the sync/hotfix-BM-tools-sdl-fix branch from 523e42e to e982403 on June 25, 2026 07:15
@hongyuni merged commit 1b5ceb8 into main on Jun 25, 2026
5 checks passed
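
The two fixes named in the description (range-checked shifts with unsigned literals, and strtoul in place of sscanf("%x")), sketched as an added example that is not the project's code. The diff is not shown on this page, so the function names `extract_bits_checked` and `parse_hex_u32`, their signatures, and the sample inputs are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical signature: copy bits [lo, hi] (inclusive) of val into *out.
 * Returns 0 on success, -1 when the range cannot be shifted safely. */
int extract_bits_checked(uint32_t val, unsigned int lo, unsigned int hi,
                         uint32_t *out)
{
    unsigned int width;
    uint32_t mask;
    /* A shift count >= 32 on a 32-bit operand is undefined: reject first. */
    if (!out || lo > hi || hi > 31)
        return -1;
    width = hi - lo + 1; /* 1..32 */
    /* 1U << 32 is still undefined, so the full-width mask is a special case. */
    mask = (width == 32) ? ~0U : ((1U << width) - 1U);
    *out = (val >> lo) & mask;
    return 0;
}

/* Hypothetical strtoul-based replacement for sscanf("%x"): the whole string
 * must be hex (optional 0x prefix) and the value must fit in 32 bits. */
int parse_hex_u32(const char *s, uint32_t *out)
{
    char *end;
    unsigned long v;
    /* strtoul skips whitespace and accepts a sign; require a hex digit. */
    if (!s || !out || !isxdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, 16);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    uint32_t leaf = 0, field = 0;
    /* Constructed inputs: a hex argument string and a bit range. */
    if (parse_hex_u32("0x80000001", &leaf) == 0 &&
        extract_bits_checked(leaf, 28, 31, &field) == 0)
        printf("bits 31:28 of 0x%x = 0x%x\n", leaf, field);
    return 0;
}
```

Unlike sscanf("%x"), the parser rejects trailing junk, negative input and values wider than 32 bits instead of silently truncating or wrapping them.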