Unverified Commit 70a0487d by Enkelmann Committed by GitHub

CWE119-check: Fix errorneous integer overflow detection (#339)

parent c9bf376b
...@@ -95,15 +95,22 @@ impl<'a> Context<'a> { ...@@ -95,15 +95,22 @@ impl<'a> Context<'a> {
let object_size = match object_size.get_absolute_value() { let object_size = match object_size.get_absolute_value() {
Some(size) => { Some(size) => {
if let Ok((lower_bound, upper_bound)) = size.try_to_offset_interval() { if let Ok((lower_bound, upper_bound)) = size.try_to_offset_interval() {
// If the lower bound is a reasonable value we approximate the object size by the lower bound instead of the upper bound. let (lower_bound, upper_bound) = (
let bound = if lower_bound > 0 { Bitvector::from_i64(lower_bound)
lower_bound .into_resize_signed(object_size.bytesize()),
Bitvector::from_i64(upper_bound)
.into_resize_signed(object_size.bytesize()),
);
if upper_bound.sign_bit().to_bool() {
// Both bounds seem to be bogus values (because both are negative values).
BitvectorDomain::new_top(object_size.bytesize())
} else if lower_bound.sign_bit().to_bool() {
// The lower bound is bogus, but we can approximate by the upper bound instead.
upper_bound.into()
} else { } else {
upper_bound // We approximate the object size with the smallest possible value.
}; lower_bound.into()
Bitvector::from_i64(bound) }
.into_resize_signed(object_size.bytesize())
.into()
} else { } else {
BitvectorDomain::new_top(object_size.bytesize()) BitvectorDomain::new_top(object_size.bytesize())
} }
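Review bot: The second branch now accepts a lower bound of exactly zero as a usable object size: the old condition was `lower_bound > 0`, whereas `lower_bound.sign_bit().to_bool()` on the resized value is false for zero, so an interval like [0, n] now yields an object size of 0 and, presumably, every access to that object gets reported. If that is intended, the comment on the final `else` branch should say so; if not, keep the old exclusion by testing the i64 before it is shadowed, e.g. `let use_lower = lower_bound > 0;` placed before the `let (lower_bound, upper_bound) = (` line, and `} else if lower_bound.sign_bit().to_bool() || !use_lower {` for the second branch. Note also that both sign tests run after `into_resize_signed`, so on a target narrower than 8 bytes a large positive i64 bound is judged by the sign bit of its truncated value rather than by the original; that is likely acceptable since such a size is bogus for that width anyway, but a one-line comment stating it would avoid the question next time. The enclosing method starts and ends outside the hunk.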