fix: cast i32 to u32 first for zero ext

hsqStephenZhang · qmonnet · commit 2f9986531c0d · 2026-02-05T21:55:15.000Z
Signed-off-by: hsqStephenZhang &lt;stephenzhang666666@gmail.com&gt;
diff --git a/src/interpreter.rs b/src/interpreter.rs
@@ -261,12 +261,12 @@ pub fn execute_program(
             // TODO Check how overflow works in kernel. Should we &= U32MAX all src register value
             // before we do the operation?
             // Cf ((0x11 << 32) - (0x1 << 32)) as u32 VS ((0x11 << 32) as u32 - (0x1 << 32) as u32
-            ebpf::ADD32_IMM  => reg[_dst] = (reg[_dst] as i32).wrapping_add(insn.imm)         as u64, //((reg[_dst] & U32MAX) + insn.imm  as u64)     & U32MAX,
-            ebpf::ADD32_REG  => reg[_dst] = (reg[_dst] as i32).wrapping_add(reg[_src] as i32) as u64, //((reg[_dst] & U32MAX) + (reg[_src] & U32MAX)) & U32MAX,
-            ebpf::SUB32_IMM  => reg[_dst] = (reg[_dst] as i32).wrapping_sub(insn.imm)         as u64,
-            ebpf::SUB32_REG  => reg[_dst] = (reg[_dst] as i32).wrapping_sub(reg[_src] as i32) as u64,
-            ebpf::MUL32_IMM  => reg[_dst] = (reg[_dst] as i32).wrapping_mul(insn.imm)         as u64,
-            ebpf::MUL32_REG  => reg[_dst] = (reg[_dst] as i32).wrapping_mul(reg[_src] as i32) as u64,
+            ebpf::ADD32_IMM  => reg[_dst] = (reg[_dst] as i32).wrapping_add(insn.imm)         as u32 as u64,
+            ebpf::ADD32_REG  => reg[_dst] = (reg[_dst] as i32).wrapping_add(reg[_src] as i32) as u32 as u64,
+            ebpf::SUB32_IMM  => reg[_dst] = (reg[_dst] as i32).wrapping_sub(insn.imm)         as u32 as u64,
+            ebpf::SUB32_REG  => reg[_dst] = (reg[_dst] as i32).wrapping_sub(reg[_src] as i32) as u32 as u64,
+            ebpf::MUL32_IMM  => reg[_dst] = (reg[_dst] as i32).wrapping_mul(insn.imm)         as u32 as u64,
+            ebpf::MUL32_REG  => reg[_dst] = (reg[_dst] as i32).wrapping_mul(reg[_src] as i32) as u32 as u64,
             ebpf::DIV32_IMM if insn.imm as u32 == 0 => reg[_dst] = 0,
             ebpf::DIV32_IMM  => reg[_dst] = (reg[_dst] as u32 / insn.imm              as u32) as u64,
             ebpf::DIV32_REG if reg[_src] as u32 == 0 => reg[_dst] = 0,
diff --git a/tests/ubpf_vm.rs b/tests/ubpf_vm.rs
@@ -2902,3 +2902,38 @@ fn test_vm_tcp_sack_nomatch() {
     let vm = rbpf::EbpfVmRaw::new(Some(&prog)).unwrap();
     assert_eq!(vm.execute_program(mem.as_mut_slice()).unwrap(), 0x0);
 }
+
+// Tests for 32-bit arithmetic with sign extension handling
+// These tests verify that negative results are zero-extended, not sign-extended
+#[test]
+fn test_vm_sub32_imm_negative_result() {
+    // 1 - 2 = -1 (0xFFFFFFFF in u32)
+    // Should be zero-extended to 0x00000000FFFFFFFF, not sign-extended to 0xFFFFFFFFFFFFFFFF
+    let prog = assemble(
+        "
+        mov32 r0, 1
+        sub32 r0, 2
+        exit
+        ",
+    )
+    .unwrap();
+    let vm = rbpf::EbpfVmNoData::new(Some(&prog)).unwrap();
+    assert_eq!(vm.execute_program().unwrap(), 0x00000000FFFFFFFF);
+}
+
+#[test]
+fn test_vm_sub32_reg_negative_result() {
+    // 5 - 10 = -5 (0xFFFFFFFB in u32)
+    // Should be zero-extended to 0x00000000FFFFFFFB
+    let prog = assemble(
+        "
+        mov32 r0, 5
+        mov32 r1, 10
+        sub32 r0, r1
+        exit
+        ",
+    )
+    .unwrap();
+    let vm = rbpf::EbpfVmNoData::new(Some(&prog)).unwrap();
+    assert_eq!(vm.execute_program().unwrap(), 0x00000000FFFFFFFB);
+}
