user_data2: change how conditions are handled to silence underflow warnings
commit 5015551e2985c2ca178cec4002f428a076e34360
author Dan Carpenter <dan.carpenter@oracle.com>
Fri, 8 Sep 2017 20:40:52 +0000 (8 23:40 +0300)
committer Dan Carpenter <dan.carpenter@oracle.com>
Fri, 8 Sep 2017 20:40:52 +0000 (8 23:40 +0300)
tree 956b9f9df92dffcbb7ae15c75be7f3c9e8118a35
parent 15b7b63bde663078d1e72895d56ad564eece2de1
user_data2: change how conditions are handled to silence underflow warnings

What I was looking at here is this:

    if (untrusted_int < trusted_ulong)
        my_array[untrusted_int] = foo;

The "untrusted_int" here would be type promoted to unsigned long.  If it
were negative, that would be a huge positive value.  Probably the trusted
value is the size of my_array[] and not something larger than INT_MAX.
In the original code, Smatch would say, "we don't know the value of
trusted_ulong so it could be larger than INT_MAX", but now we just
assume that's not true.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
check_user_data2.c
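
Added example, not part of the commit or of Smatch: the comparison from the commit message as a small C program, showing that a negative index fails the mixed-sign check whenever the bound is at most INT_MAX, and that a signed bound gives no such protection. ARRAY_LEN and the function names are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* The implicit signed-to-unsigned conversion is the point of this example. */
#pragma GCC diagnostic ignored "-Wsign-compare"

#define ARRAY_LEN 8UL   /* constructed bound, small like a real array size */
static int my_array[ARRAY_LEN];

/* What the comparison actually sees once the int is converted. */
static unsigned long promoted(int untrusted_int)
{
	return (unsigned long)untrusted_int;
}

/* The pattern from the commit message: a negative index is converted to a
 * value above INT_MAX, fails the test, and the store is skipped. */
static int store_mixed(int untrusted_int, unsigned long trusted_ulong, int foo)
{
	if (untrusted_int < trusted_ulong) {
		my_array[untrusted_int] = foo;
		return 1;
	}
	return 0;
}

/* Contrast: with a signed bound, a negative index passes the upper-bound
 * test. This only reports the result; it never indexes the array. */
static int passes_signed_check(int untrusted_int, int trusted_int)
{
	return untrusted_int < trusted_int;
}

/* INT_MIN converts to the smallest value any negative int can become, so
 * some negative index gets through only if the bound exceeds it. */
static int negative_can_pass(unsigned long trusted_ulong)
{
	return promoted(INT_MIN) < trusted_ulong;
}

int main(void)
{
	printf("-1 becomes %#lx\n", promoted(-1));
	printf("mixed check stores at -1: %d\n", store_mixed(-1, ARRAY_LEN, 7));
	printf("signed check accepts -1:  %d\n", passes_signed_check(-1, 8));
	printf("negative passes, bound INT_MAX:   %d\n", negative_can_pass(INT_MAX));
	printf("negative passes, bound ULONG_MAX: %d\n", negative_can_pass(ULONG_MAX));
	return 0;
}
```

The last two lines of output mark the boundary the commit message describes: a bound no larger than INT_MAX rejects every negative index, while an unconstrained unsigned long bound does not.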