| commit | 916f5dd7b611444934ec704f44b1566e1e005c17 | |
| author | Dan Carpenter <error27@gmail.com> | |
| Sat, 2 Jan 2010 18:51:56 +0000 (2 20:51 +0200) | ||
| committer | Dan Carpenter <error27@gmail.com> | |
| Sat, 2 Jan 2010 18:51:56 +0000 (2 20:51 +0200) | ||
| tree | 01fccf423f26bfe96ad46d7e444a7105fd600a1b | treesnapshot (tar.gz zip) |
| parent | f7f884d842d346235f850eed213efd63ef0405e2 | commitdiff |
introduce get_fuzzy_max()
For detecting array out of bounds errors we want to know the max value of
the offset. Up to now smatch has been using the implied max, but now
we can use the idea of a fuzzy max as well.
if (x < sizeof(buf))
buf[x] = '\0'; // <-- #1
buf[x] = '\0'; // <-- #2
For the above code at point #1 the implied max is sizeof(buf) - 1. At
point #2 there is no implied max but it seems from the context that x
could at least be == sizeof(buf) so that is our fuzzy max.
The idea came from Xuan Ji.
Reported-by: Li Xuan Ji <xuanji@gmail.com>
Signed-off-by: Dan Carpenter <error27@gmail.com>
For detecting array out of bounds errors we want to know the max value of
the offset. Up to now smatch has been using the implied max, but now
we can use the idea of a fuzzy max as well.
if (x < sizeof(buf))
buf[x] = '\0'; // <-- #1
buf[x] = '\0'; // <-- #2
For the above code at point #1 the implied max is sizeof(buf) - 1. At
point #2 there is no implied max but it seems from the context that x
could at least be == sizeof(buf) so that is our fuzzy max.
The idea came from Xuan Ji.
Reported-by: Li Xuan Ji <xuanji@gmail.com>
Signed-off-by: Dan Carpenter <error27@gmail.com>
| check_overflow.c | diffblobblamehistory | |
| smatch.h | diffblobblamehistory | |
| smatch_extra.c | diffblobblamehistory | |
| smatch_helper.c | diffblobblamehistory |