Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
cwe_checker
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
cwe_checker
Commits
70a0487d
Unverified
Commit
70a0487d
authored
Jun 28, 2022
by
Enkelmann
Committed by
GitHub
Jun 28, 2022
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
CWE119-check: Fix errorneous integer overflow detection (#339)
parent
c9bf376b
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
15 additions
and
8 deletions
+15
-8
mod.rs
src/cwe_checker_lib/src/checkers/cwe_119/context/mod.rs
+15
-8
No files found.
src/cwe_checker_lib/src/checkers/cwe_119/context/mod.rs
View file @
70a0487d
...
...
@@ -95,15 +95,22 @@ impl<'a> Context<'a> {
let
object_size
=
match
object_size
.get_absolute_value
()
{
Some
(
size
)
=>
{
if
let
Ok
((
lower_bound
,
upper_bound
))
=
size
.try_to_offset_interval
()
{
// If the lower bound is a reasonable value we approximate the object size by the lower bound instead of the upper bound.
let
bound
=
if
lower_bound
>
0
{
lower_bound
let
(
lower_bound
,
upper_bound
)
=
(
Bitvector
::
from_i64
(
lower_bound
)
.into_resize_signed
(
object_size
.bytesize
()),
Bitvector
::
from_i64
(
upper_bound
)
.into_resize_signed
(
object_size
.bytesize
()),
);
if
upper_bound
.sign_bit
()
.to_bool
()
{
// Both bounds seem to be bogus values (because both are negative values).
BitvectorDomain
::
new_top
(
object_size
.bytesize
())
}
else
if
lower_bound
.sign_bit
()
.to_bool
()
{
// The lower bound is bogus, but we can approximate by the upper bound instead.
upper_bound
.into
()
}
else
{
upper_bound
};
Bitvector
::
from_i64
(
bound
)
.into_resize_signed
(
object_size
.bytesize
())
.into
()
// We approximate the object size with the smallest possible value.
lower_bound
.into
()
}
}
else
{
BitvectorDomain
::
new_top
(
object_size
.bytesize
())
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment