math: don't return high values in get_fuzzy_max()
author Dan Carpenter <dan.carpenter@oracle.com>
Tue, 5 Feb 2013 11:59:54 +0000 (5 14:59 +0300)
committer Dan Carpenter <dan.carpenter@oracle.com>
Tue, 5 Feb 2013 11:59:54 +0000 (5 14:59 +0300)
The situation is something like this:

if (x = 0; x < some_unknown_int; x++) {...

We don't know what "some_unknown_int" is but we know that x can't go past
INT_MAX - 1.  But then after the loop the fuzzy max is INT_MAX.

The 10000 value is obviously just made up.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch_math.c

index 0918184..08050c4 100644 (file)
@@ -869,6 +869,8 @@ int get_fuzzy_max(struct expression *expr, sval_t *sval)
        ret =  _get_value(expr, &undefined, FUZZY_MAX);
        if (undefined)
                return 0;
+       if (ret.uvalue > INT_MAX - 10000)
+               return 0;
        *sval = ret;
        return 1;
 }
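Review bot: The new check in get_fuzzy_max(), `if (ret.uvalue > INT_MAX - 10000)`, tests the unsigned member of the sval, so if `ret` can hold a negative fuzzy max it would read as a very large unsigned value and be rejected along with the near-INT_MAX case the commit message describes. If only the upper end is meant to be filtered, compare the signed value or check the type's signedness first; if rejecting both is intended, say so in a comment. The check also uses a bare 10000, which the commit message itself calls made up: give it a named constant with a one-line comment on why a margin below INT_MAX is treated as "unknown", so callers that see get_fuzzy_max() return 0 can tell that this cutoff, not an undefined value, caused it.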