From: Dan Carpenter
Date: Mon, 4 Feb 2013 14:20:33 +0000 (+0300)
Subject: buf_size: fix bug caused by get_implied_max() returning s32max
X-Git-Tag: 1.57~15
X-Git-Url: https://repo.or.cz/w/smatch.git/commitdiff_plain/158582e1dbe1ea175e69463e7f9abb0f67563728

buf_size: fix bug caused by get_implied_max() returning s32max

Before we would never get s32max here so len.value + 1 was always positive and probably a more reasonable positive at that.

Signed-off-by: Dan Carpenter
---
diff --git a/smatch_buf_size.c b/smatch_buf_size.c
index 8a406b2b..8fa54165 100644
--- a/smatch_buf_size.c
+++ b/smatch_buf_size.c
@@ -279,9 +279,11 @@ static int get_size_from_strlen(struct expression *expr)
 	state = get_state_expr(my_strlen_id, expr);
 	if (!state || !state->data)
 		return 0;
-	if (get_implied_max((struct expression *)state->data, &len))
-		return len.value + 1; /* add one because strlen doesn't include the NULL */
-	return 0;
+	if (!get_implied_max((struct expression *)state->data, &len))
+		return 0;
+	if (sval_is_max(len))
+		return 0;
+	return len.value + 1; /* add one because strlen doesn't include the NULL */
 }
 
 static struct expression *remove_addr_fluff(struct expression *expr)
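Review bot: The new `if (sval_is_max(len))` guard rejects only the exact maximum of len's own type, yet the function is declared `int` in the hunk header and still ends with `return len.value + 1;`, so any `len.value` that is not its type's max but is still at or above INT_MAX is narrowed on return and can come out negative — the same symptom the commit is fixing, just reached via a wider type. A value range check would close that gap: `if (sval_is_max(len) || len.value >= INT_MAX) return 0;`, which also lets the two consecutive `return 0;` branches collapse into one condition. I am inferring that `len.value` is wider than `int` from the s32max wording in the description rather than from the hunk itself, so confirm against the sval_t definition before changing it. The body of get_size_from_strlen starts before this hunk.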