| commit | f462f2c1b37171cb7cb2203e4a1994206d5b8b20 | |
| author | Dan Carpenter <error27@gmail.com> | |
| Fri, 9 Jul 2010 21:58:57 +0000 (9 23:58 +0200) | ||
| committer | Dan Carpenter <error27@gmail.com> | |
| Fri, 9 Jul 2010 21:58:57 +0000 (9 23:58 +0200) | ||
| tree | 1ac89e12b52513f268892a6bce9a487de5268d1d | treesnapshot (tar.gz zip) |
| parent | 23630093a255a07f439f7f3e7175c7e40f0b967f | commitdiff |
overflow: handle "if (strlen(foo) < 10) {..."
We're only storing the max size of the string. Smatch extra stores ranges
but in this case we're using alloc_my_state() and we're only storing
the max. And unfortunately only one side is maxed out.
if (strlen(foo) < 10) {
// foo is max of 10 chars (including the NULL)
} else {
// there is no max here
}
It would be nice to store a range so we could do stuff like get_fuzzy_max()
but oh well... Good enouch for now. And most code only cares about the
max so it could be worse.
Signed-off-by: Dan Carpenter <error27@gmail.com>
We're only storing the max size of the string. Smatch extra stores ranges
but in this case we're using alloc_my_state() and we're only storing
the max. And unfortunately only one side is maxed out.
if (strlen(foo) < 10) {
// foo is max of 10 chars (including the NULL)
} else {
// there is no max here
}
It would be nice to store a range so we could do stuff like get_fuzzy_max()
but oh well... Good enouch for now. And most code only cares about the
max so it could be worse.
Signed-off-by: Dan Carpenter <error27@gmail.com>
| check_overflow.c | diffblobblamehistory | |
| validation/sm_strlen2.c | [new file with mode: 0644] | blob |