| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jan 2016 11:18:04 -0300 From: "Geyslan G. Bem" <geyslan@...il.com> To: Andrzej Hajda <a.hajda@...sung.com> Cc: Julia Lawall <Julia.Lawall@...6.fr>, Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>, Marek Szyprowski <m.szyprowski@...sung.com>, Gilles Muller <Gilles.Muller@...6.fr>, Nicolas Palix <nicolas.palix@...g.fr>, Michal Marek <mmarek@...e.com>, open list <linux-kernel@...r.kernel.org>, "moderated list:COCCINELLE/Semantic Patches (SmPL)" <cocci@...teme.lip6.fr> Subject: Re: [PATCH v6] coccinelle: tests: unsigned value cannot be lesser than zero 2016-01-05 10:49 GMT-03:00 Andrzej Hajda <a.hajda@...sung.com>: > On 01/05/2016 01:59 PM, Geyslan G. Bem wrote: >> Hello, >> >> 2016-01-04 4:45 GMT-03:00 Andrzej Hajda <a.hajda@...sung.com>: >>> Unsigned expressions cannot be lesser than zero. Presence of comparisons >>> 'unsigned (<|<=|>|>=) 0' often indicates a bug, usually wrong type of variable. >>> The patch beside finding such comparisons tries to eliminate false positives, >>> mainly by bypassing range checks. >>> >>> gcc can detect such comparisons also using -Wtype-limits switch, but it warns >>> also in correct cases, making too much noise. >>> >>> Signed-off-by: Andrzej Hajda <a.hajda@...sung.com> >>> --- >>> v6: improved range check detection (according to Julia suggestion) >>> v5: improved range check detection >>> v4: added range check detection, added full check in case value holds a result >>> of signed function >>> v3: added bool type >>> v2: added --all-includes option >>> --- >>> .../tests/unsigned_lesser_than_zero.cocci | 76 ++++++++++++++++++++++ >>> 1 file changed, 76 insertions(+) >>> create mode 100644 scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci >>> >>> diff --git a/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci b/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci >>> new file mode 100644 >>> index 0000000..b9c7ed8 >>> --- /dev/null >>> +++ b/scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci >>> @@ -0,0 +1,76 @@ >>> +/// Unsigned expressions cannot be lesser than zero. Presence of >>> +/// comparisons 'unsigned (<|<=|>|>=) 0' often indicates a bug, >>> +/// usually wrong type of variable. >>> +/// >>> +/// To reduce number of false positives following tests have been added: >>> +/// - parts of range checks are skipped, eg. "if (u < 0 || u > 15) ...", >>> +/// developers prefer to keep such code, >>> +/// - comparisons "<= 0" and "> 0" are performed only on results of >>> +/// signed functions/macros, >> Why common unsigned comparisons with <= 0 are not being detected? I >> think that it misleads the code reading and induces further bugs. >> Just reading "var <= 0" infers that var can receive signed value. The >> be clear the comparison should be against zero only "var == 0" or >> depending of the context "!var". >> > > Many developers prefer to use "unsigned <= 0" comparison, as more > descriptive > and less fragile. See for example for the last phrase of Linus email[1]. > > [1]: http://permalink.gmane.org/gmane.linux.kernel/2054063 I got it. Tks. > > Regards > Andrzej > -- Regards, Geyslan G. Bem hackingbits.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists