From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 18 Jun 2025 06:29:01 +0000 (+0200)
Subject: virSocketAddrPrefixToNetmask: Prevent undefined behaviour on bitshifts on signed... 
X-Git-Tag: v11.5.0-rc1~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35e3c17e02f5c1bb17ae8a9f2c1b284b3fcbbb90;p=thirdparty%2Flibvirt.git

virSocketAddrPrefixToNetmask: Prevent undefined behaviour on bitshifts on signed integer

Shifting bits into the sign bit is undefined behaviour in C although
both gcc and clang handle it as expected.

Since the value is used as unsigned convert it to unsigned int. For code
readability use 'if' statement instead of a ternary.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/785
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---

diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
index a2e6701670..f53768878e 100644
--- a/src/util/virsocketaddr.c
+++ b/src/util/virsocketaddr.c
@@ -1144,12 +1144,14 @@ virSocketAddrPrefixToNetmask(unsigned int prefix,
     netmask->data.stor.ss_family = AF_UNSPEC; /* assume failure */
 
     if (family == AF_INET) {
-        int ip;
+        unsigned int ip = 0;
 
         if (prefix > 32)
             return -1;
 
-        ip = prefix ? ~((1 << (32 - prefix)) - 1) : 0;
+        if (prefix > 0)
+            ip = ~((1U << (32 - prefix)) - 1);
+
         netmask->data.inet4.sin_addr.s_addr = htonl(ip);
         netmask->data.stor.ss_family = AF_INET;
         netmask->len = sizeof(struct sockaddr_in);