| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 Jul 2018 19:32:02 +0200
From: Julia Lawall <Julia.Lawall@...6.fr>
To: linux-usb@...r.kernel.org, joe@...ches.com,
Chengguang Xu <cgxu519@....com>
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-input@...r.kernel.org, linux-media@...r.kernel.org
Subject: [PATCH 0/3] cast sizeof to int for comparison
Comparing an int to a size, which is unsigned, causes the int to become
unsigned, giving the wrong result.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@safe disable not_int2@
int x;
position p;
binary operator op = {<,<=};
expression e;
@@
(
x < 0 || (x@p op e)
|
x <= 0 || (x@p op e)
|
x > 0 && (x@p op e)
|
x >= 0 && (x@p op e)
)
@@
int x;
type t;
expression e,e1;
identifier f != {strlen,resource_size};
position p != safe.p;
binary operator op = {<,<=};
@@
*x = f(...);
... when != x = e1
when != if (x < 0 || ...) { ... return ...; }
(
*x@p op sizeof(e)
|
*x@p op sizeof(t)
)
// </smpl>
---
drivers/input/mouse/elan_i2c_smbus.c | 2 +-
drivers/media/usb/gspca/kinect.c | 2 +-
drivers/usb/wusbcore/security.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Powered by blists - more mailing lists