lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 29 Oct 2018 12:07:44 +0200
From:   Leon Romanovsky <leon@...nel.org>
To:     Doug Ledford <dledford@...hat.com>
Cc:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Lijun Ou <oulijun@...wei.com>,
        "Wei Hu(Xavier)" <xavier.huwei@...wei.com>,
        Jason Gunthorpe <jgg@...pe.ca>, linux-rdma@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] RDMA/hns: Use 64-bit arithmetic instead of 32-bit

On Thu, Oct 18, 2018 at 08:17:10PM -0400, Doug Ledford wrote:
> On Thu, 2018-10-18 at 14:01 +0300, Leon Romanovsky wrote:
> > On Thu, Oct 18, 2018 at 10:02:58AM +0200, Gustavo A. R. Silva wrote:
> > > Cast *max_num_sg* to u64 in order to give the compiler complete
> > > information about the proper arithmetic to use.
> > >
> > > Notice that such variable is used in a context that expects an
> > > expression of type u64 (64 bits, unsigned) and the following
> > > expression is currently being evaluated using 32-bit
> > > arithmetic:
> >
> > And what is wrong with that?
> > Please fix static analyzer tool instead of fixing proper C code.
>
> Judging on the static analyzer tool's message, I don't see anything
> wrong with it.  The code contains a potential unintentional overflow
> error.  The author might have been well aware of the overflow and not
> cared and in that case this is valid C, but the analyzer has no way of
> knowing that, so it flags it for review.  To silence the checker you
> could either cast the arithmetic to u64, or cast length to u32.  Either
> would clear up the ambiguity.  I guess I'm not seeing why you would
> blame the static checker in this case, it did the best it is possible
> for it to do.

You are right, static analyzer tools have no way to understand that this
overflow isn't possible. I was over excited to go to my vacation hence my
response. Sorry about that.

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ