ubsan: Fix incorrect hand-side used in handle

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

__ubsan_handle_divrem_overflow() incorrectly uses the RHS to report.
It always reports the same log: division of -1 by -1. But it should
report division of LHS by -1.

Signed-off-by: Junhui Pei <paradoxskin233@gmail.com>
Fixes: c6d308534aef ("UBSAN: run-time undefined behavior sanity checker")
Link: https://lore.kernel.org/r/20250602153841.62935-1-paradoxskin233@gmail.com
Signed-off-by: Kees Cook <kees@kernel.org>

authored by

Junhui Pei and committed by

Kees Cook 7 months ago ae91aea2 c17b750b

+3 -3

1 changed file

expand all

lib

ubsan.c

+3 -3

lib/ubsan.c

··· 333 333 void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) 334 334 { 335 335 struct overflow_data *data = _data; 336 - char rhs_val_str[VALUE_LENGTH]; 336 + char lhs_val_str[VALUE_LENGTH]; 337 337 338 338 if (suppress_report(&data->location)) 339 339 return; 340 340 341 341 ubsan_prologue(&data->location, "division-overflow"); 342 342 343 - val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs); 343 + val_to_string(lhs_val_str, sizeof(lhs_val_str), data->type, lhs); 344 344 345 345 if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1) 346 346 pr_err("division of %s by -1 cannot be represented in type %s\n", 347 - rhs_val_str, data->type->type_name); 347 + lhs_val_str, data->type->type_name); 348 348 else 349 349 pr_err("division by zero\n"); 350 350