From 94af652fc79a463316fc1c6ec02d51b8ee6254e1 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 5 Feb 2013 14:59:54 +0300 Subject: [PATCH] math: don't return high values in get_fuzzy_max() The situation is something like this: if (x = 0; x < some_unknown_int; x++) {... We don't know what "some_unknown_int" is but we know that x can't go past INT_MAX - 1. But then after the loop the fuzzy max is INT_MAX. The 10000 value is obviously just made up. Signed-off-by: Dan Carpenter --- smatch_math.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/smatch_math.c b/smatch_math.c index 09181842..08050c43 100644 --- a/smatch_math.c +++ b/smatch_math.c @@ -869,6 +869,8 @@ int get_fuzzy_max(struct expression *expr, sval_t *sval) ret = _get_value(expr, &undefined, FUZZY_MAX); if (undefined) return 0; + if (ret.uvalue > INT_MAX - 10000) + return 0; *sval = ret; return 1; } -- 2.11.4.GIT
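Review bot: The new check `if (ret.uvalue > INT_MAX - 10000)` compares the unsigned view of the result, so any negative fuzzy max (whose unsigned representation is above INT_MAX) and any legitimately large value for a type wider than int (a 64-bit expression whose max is near LONG_MAX) will also make get_fuzzy_max() return 0 and report "unknown". If treating those as unknown is intended, please say so in a comment; otherwise compare the signed `ret.value`, or bound the check by the expression's type rather than by INT_MAX unconditionally. The 10000 slack is a magic number: give it a named constant or a short comment explaining that it is a heuristic margin below INT_MAX, as the commit message already admits it is made up.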