
Commit 68117b7

committed
IntegerOverflow: Support for more guards
Add support for `+` and `-` guards that check the operands relative to each other.
1 parent ba3bf2b commit 68117b7


1 file changed

+20
-0
lines changed


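--- a/cpp/common/src/codingstandards/cpp/Overflow.qll
+++ b/cpp/common/src/codingstandards/cpp/Overflow.qll
@@ -74,6 +74,26 @@ class InterestingOverflowingOperation extends Operation {
 ae.getExplicitlyConverted().getType().getSize() < any(IntType i).getSize()
 )
 or
+// Match this pattern for checking for unsigned integer overflow on add
+// if (UINT_MAX - i1 < i2)
+(this instanceof AddExpr or this instanceof AssignAddExpr) and
+this.getType().getUnspecifiedType().(IntegralType).isUnsigned() and
+exists(SubExpr se, RelationalOperation relOp |
+globalValueNumber(relOp.getGreaterOperand()) = i2 and
+relOp.getAnOperand() = se and
+globalValueNumber(se.getRightOperand()) = i1 and
+se.getLeftOperand().getValue().toFloat() = typeUpperBound(getType())
+)
+or
+// Match this pattern for checking for unsigned integer underflow on subtract
+// if (i1 < i2)
+(this instanceof SubExpr or this instanceof AssignSubExpr) and
+this.getType().getUnspecifiedType().(IntegralType).isUnsigned() and
+exists(RelationalOperation relOp |
+globalValueNumber(relOp.getGreaterOperand()) = i2 and
+globalValueNumber(relOp.getLesserOperand()) = i1
+)
+or
 // The CERT rule for signed integer overflow has a very specific pattern it recommends
 // for checking for overflow. We try to match the pattern here.
 // ((i2 > 0 && i1 > (INT_MAX - i2)) || (i2 < 0 && i1 < (INT_MIN - i2)))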
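Review bot: Neither new disjunct relates `relOp` to `this` by control flow, so any `RelationalOperation` over the same value numbers anywhere in the function — after the operation, or in a branch that does not reach it — is treated as a guard and suppresses the overflow finding, which is a false-negative risk for exactly the unsigned wraps these guards are meant to catch; at minimum the `exists(...)` bodies should require something like `relOp.(GuardCondition).controls(this.getBasicBlock(), _)` (assuming the Guards library is imported in this file, which is outside the hunk). For the unsigned-add pattern, the binding `globalValueNumber(se.getRightOperand()) = i1` with `relOp.getGreaterOperand() = i2` only matches `UINT_MAX - i1 < i2`, not the mirrored `UINT_MAX - i2 < i1`; whether that is covered depends on how `i1` and `i2` are bound, and that binding, like the start of the enclosing characteristic predicate, is outside the hunk. For the subtract pattern, `if (i1 < i2)` is only the right direction when `i1` is the left operand of the subtraction; if `i1`/`i2` range over both operands, `i2 < i1` would also be accepted as a guard even though it does not prevent `i1 - i2` from wrapping, so the comment should state the intended operand roles, e.g. `// if (i1 < i2) where i1 is the minuend and i2 the subtrahend`.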
