| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Jan 2016 14:49:40 +0100 From: Andrzej Hajda <a.hajda@...sung.com> To: "Geyslan G. Bem" <geyslan@...il.com> Cc: Julia Lawall <Julia.Lawall@...6.fr>, Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>, Marek Szyprowski <m.szyprowski@...sung.com>, Gilles Muller <Gilles.Muller@...6.fr>, Nicolas Palix <nicolas.palix@...g.fr>, Michal Marek <mmarek@...e.com>, open list <linux-kernel@...r.kernel.org>, "moderated list:COCCINELLE/Semantic Patches (SmPL)" <cocci@...teme.lip6.fr> Subject: Re: [PATCH v6] coccinelle: tests: unsigned value cannot be lesser than zero On 01/05/2016 01:59 PM, Geyslan G. Bem wrote: > Hello, > > 2016-01-04 4:45 GMT-03:00 Andrzej Hajda <a.hajda@...sung.com>: >> Unsigned expressions cannot be lesser than zero. Presence of comparisons >> 'unsigned (<|<=|>|>=) 0' often indicates a bug, usually wrong type of variable. >> The patch beside finding such comparisons tries to eliminate false positives, >> mainly by bypassing range checks. >> >> gcc can detect such comparisons also using -Wtype-limits switch, but it warns >> also in correct cases, making too much noise. >> >> Signed-off-by: Andrzej Hajda <a.hajda@...sung.com> >> --- >> v6: improved range check detection (according to Julia suggestion) >> v5: improved range check detection >> v4: added range check detection, added full check in case value holds a result >> of signed function >> v3: added bool type >> v2: added --all-includes option >> --- >> .../tests/unsigned_lesser_than_zero.cocci | 76 ++++++++++++++++++++++ >> 1 file changed, 76 insertions(+) >> create mode 100644 scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci >> >> diff --git a/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci b/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci >> new file mode 100644 >> index 0000000..b9c7ed8 >> --- /dev/null >> +++ b/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci >> @@ -0,0 +1,76 @@ >> +/// Unsigned expressions cannot be lesser than zero. Presence of >> +/// comparisons 'unsigned (<|<=|>|>=) 0' often indicates a bug, >> +/// usually wrong type of variable. >> +/// >> +/// To reduce number of false positives following tests have been added: >> +/// - parts of range checks are skipped, eg. "if (u < 0 || u > 15) ...", >> +/// developers prefer to keep such code, >> +/// - comparisons "<= 0" and "> 0" are performed only on results of >> +/// signed functions/macros, > Why common unsigned comparisons with <= 0 are not being detected? I > think that it misleads the code reading and induces further bugs. > Just reading "var <= 0" infers that var can receive signed value. The > be clear the comparison should be against zero only "var == 0" or > depending of the context "!var". > Many developers prefer to use "unsigned <= 0" comparison, as more descriptive and less fragile. See for example for the last phrase of Linus email[1]. [1]: http://permalink.gmane.org/gmane.linux.kernel/2054063 Regards Andrzej -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists