From 158582e1dbe1ea175e69463e7f9abb0f67563728 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Mon, 4 Feb 2013 17:20:33 +0300
Subject: [PATCH] buf_size: fix bug caused by get_implied_max() returning s32max

Before we would never get s32max here so len.value + 1 was always positive and probably a more reasonable positive at that.

Signed-off-by: Dan Carpenter
---
 smatch_buf_size.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/smatch_buf_size.c b/smatch_buf_size.c
index 8a406b2b..8fa54165 100644
--- a/smatch_buf_size.c
+++ b/smatch_buf_size.c
@@ -279,9 +279,11 @@ static int get_size_from_strlen(struct expression *expr)
 	state = get_state_expr(my_strlen_id, expr);
 	if (!state || !state->data)
 		return 0;
-	if (get_implied_max((struct expression *)state->data, &len))
-		return len.value + 1; /* add one because strlen doesn't include the NULL */
-	return 0;
+	if (!get_implied_max((struct expression *)state->data, &len))
+		return 0;
+	if (sval_is_max(len))
+		return 0;
+	return len.value + 1; /* add one because strlen doesn't include the NULL */
 }
 
 static struct expression *remove_addr_fluff(struct expression *expr)
-- 
2.11.4.GIT
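Review bot: The last added line still returns `len.value + 1` through the function's `int` return with no range check, so an implied maximum that is large but not the exact type maximum (presumably `len.value` is wider than `int` — confirm against the sval_t definition) wraps on conversion, and a negative implied maximum yields a size of zero or less; the new `sval_is_max()` test only catches the one value named in the commit title. Since this size feeds the buffer-size checks, a wrapped or negative result silently suppresses overflow reports instead of failing loudly. A bounds check next to the `sval_is_max()` line covers both cases: `if (len.value < 0 || len.value >= INT_MAX) return 0;` (with `INT_MAX` from `<limits.h>`). The start of get_size_from_strlen(), including the declaration of `len`, is outside the hunk.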