| commit | edd9a919d4d926c1b6ca44df0c3ce0c278d8de33 | |
| author | Dan Carpenter <dan.carpenter@oracle.com> | |
| Fri, 20 Jan 2017 12:37:41 +0000 (20 15:37 +0300) | ||
| committer | Dan Carpenter <dan.carpenter@oracle.com> | |
| Fri, 20 Jan 2017 12:37:41 +0000 (20 15:37 +0300) | ||
| tree | b84859fe76130e406afadfc2785607d207abd154 | treesnapshot (tar.gz zip) |
| parent | 29c662896fef51cd2cd446f938a368f1f47087f4 | commitdiff |
math: handle real_absolute variables more accurately
The problem here is that we were either using smatch_extra or
real_absolute. Say you code like this:
int x = (u8)unknown_variable;
if (x > 10)
return;
__smatch_about(x);
In this example, the "x = (u8)unknown_variable;" assignment is ignored by
smatch_extra because we know literally nothing about unknown_variable, but
it's stored as x = 0-255 in real_absolute.
Then when we get to the condition "if (x > 10)" we say in smatch_extra.c
that x is now s32min-10. So now when we query the real absolute value we
use the smatch_extra data instead of the real_absolute.
Hm... Writing this patch description, it makes me wonder why the
handle_comparison() handling code in smatch_extra.c doesn't use the
real_absolute? It get_real_absolute_rl() at the start already...
None the less, this change makes sense all on its own. What we do now is
that we take the smatch_extra value and the real_absolute value and use
the intersection of both.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
The problem here is that we were either using smatch_extra or
real_absolute. Say you code like this:
int x = (u8)unknown_variable;
if (x > 10)
return;
__smatch_about(x);
In this example, the "x = (u8)unknown_variable;" assignment is ignored by
smatch_extra because we know literally nothing about unknown_variable, but
it's stored as x = 0-255 in real_absolute.
Then when we get to the condition "if (x > 10)" we say in smatch_extra.c
that x is now s32min-10. So now when we query the real absolute value we
use the smatch_extra data instead of the real_absolute.
Hm... Writing this patch description, it makes me wonder why the
handle_comparison() handling code in smatch_extra.c doesn't use the
real_absolute? It get_real_absolute_rl() at the start already...
None the less, this change makes sense all on its own. What we do now is
that we take the smatch_extra value and the real_absolute value and use
the intersection of both.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
| smatch_math.c | diffblobblamehistory |