[PATCH 0/3] cast sizeof to int for comparison

From: Julia Lawall
Date: Sun Jul 01 2018 - 14:05:27 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 084/101] nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir"
Previous message: Julia Lawall: "[PATCH 3/3] [media] gspca_kinect: cast sizeof to int for comparison"
Next in thread: Julia Lawall: "[PATCH 1/3] Input: elan_i2c_smbus - cast sizeof to int for comparison"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Comparing an int to a size, which is unsigned, causes the int to become
unsigned, giving the wrong result.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@safe disable not_int2@
int x;
position p;
binary operator op = {<,<=};
expression e;
@@

(
x < 0 || (x@p op e)
|
x <= 0 || (x@p op e)
|
x > 0 && (x@p op e)
|
x >= 0 && (x@p op e)
)

@@
int x;
type t;
expression e,e1;
identifier f != {strlen,resource_size};
position p != safe.p;
binary operator op = {<,<=};
@@

*x = f(...);
... when != x = e1
when != if (x < 0 || ...) { ... return ...; }
(
*x@p op sizeof(e)
|
*x@p op sizeof(t)
)
// </smpl>

---

drivers/input/mouse/elan_i2c_smbus.c | 2 +-
drivers/media/usb/gspca/kinect.c | 2 +-
drivers/usb/wusbcore/security.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

Next message: Greg Kroah-Hartman: "[PATCH 4.9 084/101] nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir"
Previous message: Julia Lawall: "[PATCH 3/3] [media] gspca_kinect: cast sizeof to int for comparison"
Next in thread: Julia Lawall: "[PATCH 1/3] Input: elan_i2c_smbus - cast sizeof to int for comparison"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]