ubsan: Fix incorrect hand-side used in handle

__ubsan_handle_divrem_overflow() incorrectly uses the RHS to report.
It always reports the same log: division of -1 by -1. But it should
report division of LHS by -1.

Signed-off-by: Junhui Pei <paradoxskin233@gmail.com>
Fixes: c6d308534aef ("UBSAN: run-time undefined behavior sanity checker")
Link: https://lore.kernel.org/r/20250602153841.62935-1-paradoxskin233@gmail.com
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/lib/ubsan.c b/lib/ubsan.c
index a6ca235dd714f503fc59e96f15aa11de5797ba76..456e3dd8f4ea894a139fb4b5603cf43930424dc6 100644 (file)
--- a/lib/ubsan.c
+++ b/lib/ubsan.c
@@ -333,18 +333,18 @@ EXPORT_SYMBOL(__ubsan_handle_implicit_conversion);
 void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs)
 {
        struct overflow_data *data = _data;
-       char rhs_val_str[VALUE_LENGTH];
+       char lhs_val_str[VALUE_LENGTH];
 
        if (suppress_report(&data->location))
                return;
 
        ubsan_prologue(&data->location, "division-overflow");
 
-       val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs);
+       val_to_string(lhs_val_str, sizeof(lhs_val_str), data->type, lhs);
 
        if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1)
                pr_err("division of %s by -1 cannot be represented in type %s\n",
-                       rhs_val_str, data->type->type_name);
+                       lhs_val_str, data->type->type_name);
        else
                pr_err("division by zero\n");