From 311fe8fe7863003f0a6c5979341fb91e508d09d1 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 5 Mar 2015 16:18:00 +0300
Subject: [PATCH] sval: fix sval_binop_overflows()

It wasn't handling adding negatives or subtraction very well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 smatch_sval.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/smatch_sval.c b/smatch_sval.c
index 617ca9d5..c999f666 100644
--- a/smatch_sval.c
+++ b/smatch_sval.c
@@ -498,13 +498,15 @@ int sval_binop_overflows(sval_t left, int op, sval_t right)
 
 	switch (op) {
 	case '+':
-		if (sval_is_negative(right)) {
-			if (left.value < min.value - right.value)
-				return 1;
-		} else {
-			if (left.uvalue > max.uvalue - right.uvalue)
+		if (sval_is_negative(left) && sval_is_negative(right)) {
+			if (left.value < min.value + right.value)
 				return 1;
+			return 0;
 		}
+		if (sval_is_negative(left) || sval_is_negative(right))
+			return 0;
+		if (left.uvalue > max.uvalue - right.uvalue)
+				return 1;
 		return 0;
 	case '*':
 		return right.uvalue != 0 && left.uvalue > max.uvalue / right.uvalue;
@@ -514,12 +516,22 @@ int sval_binop_overflows(sval_t left, int op, sval_t right)
 				return 1;
 			return 0;
 		}
+		if (sval_is_negative(left) && sval_is_negative(right))
+			return 0;
 
-		if (sval_unop_overflows(right, '-'))
-			return 1;
-		right = sval_preop(right, '-');
-		if (sval_binop_overflows(left, '+', right))
-			return 1;
+		if (sval_is_negative(left)) {
+			if (left.value < min.value + right.value)
+				return 1;
+			return 0;
+		}
+		if (sval_is_negative(right)) {
+			if (right.value == min.value)
+				return 1;
+			right = sval_preop(right, '-');
+			if (sval_binop_overflows(left, '+', right))
+				return 1;
+			return 0;
+		}
 		return 0;
 	case SPECIAL_LEFTSHIFT:
 		if (sval_cmp(left, sval_binop(max, invert_op(op), right)) > 0)
-- 
2.11.4.GIT