lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1530466325-1678-1-git-send-email-Julia.Lawall@lip6.fr>
Date:   Sun,  1 Jul 2018 19:32:02 +0200
From:   Julia Lawall <Julia.Lawall@...6.fr>
To:     linux-usb@...r.kernel.org, joe@...ches.com,
        Chengguang Xu <cgxu519@....com>
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-input@...r.kernel.org, linux-media@...r.kernel.org
Subject: [PATCH 0/3] cast sizeof to int for comparison

Comparing an int to a size, which is unsigned, causes the int to become
unsigned, giving the wrong result.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@safe disable not_int2@
int x;
position p;
binary operator op = {<,<=};
expression e;
@@

(
x < 0 || (x@p op e)
|
x <= 0 || (x@p op e)
|
x > 0 && (x@p op e)
|
x >= 0 && (x@p op e)
)

@@
int x;
type t;
expression e,e1;
identifier f != {strlen,resource_size};
position p != safe.p;
binary operator op = {<,<=};
@@

*x = f(...);
... when != x = e1
    when != if (x < 0 || ...) { ... return ...; }
(
*x@p op sizeof(e)
|
*x@p op sizeof(t)
)
// </smpl>

---

 drivers/input/mouse/elan_i2c_smbus.c |    2 +-
 drivers/media/usb/gspca/kinect.c     |    2 +-
 drivers/usb/wusbcore/security.c      |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ