From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Mon, 15 Jun 2020 10:58:42 -0400

Subject: [PATCH] safemath: Add some arithmetic primitives that check for

 overflow

This adds a new header, include/grub/safemath.h, that includes easy to

use wrappers for __builtin_{add,sub,mul}_overflow() declared like:

  bool OP(a, b, res)

where OP is grub_add, grub_sub or grub_mul. OP() returns true in the

case where the operation would overflow and res is not modified.

Otherwise, false is returned and the operation is executed.

These arithmetic primitives require newer compiler versions. So, bump

these requirements in the INSTALL file too.

Signed-off-by: Peter Jones <pjones@redhat.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Upstream-commit-id: de1c315841a

---

 include/grub/compiler.h |  8 ++++++++

 include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++

 INSTALL                 | 22 ++--------------------

 3 files changed, 47 insertions(+), 20 deletions(-)

 create mode 100644 include/grub/safemath.h

diff --git a/include/grub/compiler.h b/include/grub/compiler.h

index 9859ff4cc79..ebafec68957 100644

--- a/include/grub/compiler.h

+++ b/include/grub/compiler.h

@@ -48,6 +48,14 @@

 #  define WARN_UNUSED_RESULT

 #endif

+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)

+#  define CLANG_PREREQ(maj,min) \

+          ((__clang_major__ > (maj)) || \

+	   (__clang_major__ == (maj) && __clang_minor__ >= (min)))

+#else

+#  define CLANG_PREREQ(maj,min) 0

+#endif

+

 #define UNUSED __attribute__((__unused__))

 #endif /* ! GRUB_COMPILER_HEADER */

diff --git a/include/grub/safemath.h b/include/grub/safemath.h

new file mode 100644

index 00000000000..c17b89bba17

--- /dev/null

+++ b/include/grub/safemath.h

@@ -0,0 +1,37 @@

+/*

+ *  GRUB  --  GRand Unified Bootloader

+ *  Copyright (C) 2020  Free Software Foundation, Inc.

+ *

+ *  GRUB is free software: you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation, either version 3 of the License, or

+ *  (at your option) any later version.

+ *

+ *  GRUB is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.

+ *

+ *  Arithmetic operations that protect against overflow.

+ */

+

+#ifndef GRUB_SAFEMATH_H

+#define GRUB_SAFEMATH_H 1

+

+#include <grub/compiler.h>

+

+/* These appear in gcc 5.1 and clang 3.8. */

+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)

+

+#define grub_add(a, b, res)	__builtin_add_overflow(a, b, res)

+#define grub_sub(a, b, res)	__builtin_sub_overflow(a, b, res)

+#define grub_mul(a, b, res)	__builtin_mul_overflow(a, b, res)

+

+#else

+#error gcc 5.1 or newer or clang 3.8 or newer is required

+#endif

+

+#endif /* GRUB_SAFEMATH_H */

diff --git a/INSTALL b/INSTALL

index 8acb4090235..dcb9b7d7b7a 100644

--- a/INSTALL

+++ b/INSTALL

@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If

 you don't have any of them, please obtain and install them before

 configuring the GRUB.

-* GCC 4.1.3 or later

-  Note: older versions may work but support is limited

-

-  Experimental support for clang 3.3 or later (results in much bigger binaries)

+* GCC 5.1.0 or later

+  Experimental support for clang 3.8.0 or later (results in much bigger binaries)

   for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64

-  Note: clang 3.2 or later works for i386 and x86_64 targets but results in

-        much bigger binaries.

-	earlier versions not tested

-  Note: clang 3.2 or later works for arm

-	earlier versions not tested

-  Note: clang on arm64 is not supported due to

-	https://llvm.org/bugs/show_bug.cgi?id=26030

-  Note: clang 3.3 or later works for mips(el)

-	earlier versions fail to generate .reginfo and hence gprel relocations

-	fail.

-  Note: clang 3.2 or later works for powerpc

-	earlier versions not tested

-  Note: clang 3.5 or later works for sparc64

-        earlier versions return "error: unable to interface with target machine"

-  Note: clang has no support for ia64 and hence you can't compile GRUB

-	for ia64 with clang

 * GNU Make

 * GNU Bison 2.3 or later

 * GNU gettext 0.17 or later