Message-ID: <0a3ae217-c58d-79d6-a164-20ef6392ebeb@web.de>
Date: Wed, 17 Jun 2020 16:36:07 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: Denis Efremov <efremov@...ux.com>,
"Gustavo A. R. Silva" <garsilva@...eddedor.com>,
Kees Cook <keescook@...omium.org>,
Coccinelle <cocci@...teme.lip6.fr>
Cc: linux-kernel@...r.kernel.org, Julia Lawall <julia.lawall@...6.fr>
Subject: Re: [PATCH] coccinelle: misc: Add array_size_dup script to detect
missed overflow checks
I propose once more to avoid a typo in the previous patch subject.
…
> (
> - size = E1 * E2;
> + size = array_size(E1, E2);
> |
> - size = E1 * E2 * E3;
> + size = array3_size(E1, E2, E3);
> |
> - size = E1 * E2 + E3;
> + size = struct_size(E1, E2, E3);
> )
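Review bot: the third branch rewrites `size = E1 * E2 + E3;` to `struct_size(E1, E2, E3)` with the operands passed through in the same order, but struct_size() takes a pointer to the structure, the name of its trailing array member and an element count, not two factors and an addend. Applied as written, the `+` line would produce a call whose arguments do not correspond to the original expression. Make this branch report-only (no `+` line), or bind the metavariables to the sizeof-based shape that struct_size() actually stands for.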
What do you think about using SmPL disjunctions like the following?
size =
(
- (E1) * (E2)
+ array_size(E1, E2)
|
- (E1) * (E2) * (E3)
+ array3_size(E1, E2, E3)
|
- (E1) * (E2) + (E3)
+ struct_size(E1, E2, E3)
);
> ... when != size = E4
> when != size += E4
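Review bot: the two `when !=` lines exclude only `size = E4` and `size += E4`, so a path that changes size with `-=`, `*=`, a shift-assign or `size++` after the matched assignment is still treated as leaving it unchanged. Cover the remaining write forms as well, otherwise the rule can carry forward a value that is no longer the product it matched.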
…
Can it become helpful to express a constraint for a metavariable of
the type “assignment operator”?
> (
> * size = E1 * E2;@p
> |
> * size = E1 * E2 * E3;@p
> |
> * size = E1 * E2 + E3;@p
> )
*size =@p \( (E1) * (E2) \| (E1) * (E2) * (E3) \| (E1) * (E2) + (E3) \)
Regards,
Markus