[lwip-devel] [patch #10335] api, sockets: Fix signed overflow check
From: Mingjie Shen
Subject: [lwip-devel] [patch #10335] api, sockets: Fix signed overflow check
Date: Wed, 19 Apr 2023 01:57:57 -0400 (EDT)
Follow-up Comment #1, patch #10335 (project lwip):
When checking for integer overflow, you may often write tests like a + b < a.
This works fine if a or b are unsigned integers, since any overflow in the
addition will cause the value to simply "wrap around." However, using signed
integers is problematic because signed overflow has undefined behavior
according to the C and C++ standards. If the addition overflows and has an
undefined result, the comparison will likewise be undefined; it may produce an
unintended result, or may be deleted entirely by an optimizing compiler.
See https://codeql.github.com/codeql-query-help/cpp/cpp-signed-overflow-check/
[comment #0 original submission:]
> Signed overflow is undefined behaviour in C/C++.
> ---
> src/api/sockets.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/api/sockets.c b/src/api/sockets.c
> index 929cd652..50365589 100644
> --- a/src/api/sockets.c
> +++ b/src/api/sockets.c
> @@ -1012,7 +1012,7 @@ lwip_recv_tcp(struct lwip_sock *sock, void *mem,
size_t len, int flags)
> } else {
> copylen = (u16_t)recv_left;
> }
> - if (recvd + copylen < recvd) {
> + if (recvd > SSIZE_MAX - copylen) {
> /* overflow */
> copylen = (u16_t)(SSIZE_MAX - recvd);
> }
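Review bot: the `/* overflow */` comment now under-describes the check; suggest `/* recvd + copylen would exceed SSIZE_MAX */` so a reader sees why the subtraction form replaces the obvious addition. The rearrangement itself is sound: copylen is a u16_t (see the cast two lines above), so `SSIZE_MAX - copylen` cannot underflow, and when the test fires `SSIZE_MAX - recvd` is strictly less than copylen, so the `(u16_t)` cast on the clamp line cannot truncate.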
> --
> 2.25.1
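The pattern the patch applies, as an added stand-alone example rather than lwIP's own code: the check is rewritten so that no signed addition is ever evaluated, and the clamp is exercised at the SSIZE_MAX boundary where the old `recvd + copylen < recvd` form would have invoked undefined behaviour. The helper names (add_would_exceed_ssize_max, clamp_copylen, accumulate) and the simplified receive loop are assumptions for illustration; the SSIZE_MAX fallback is there only for toolchains whose <limits.h> does not expose it.

```c
/* Added example, not lwIP source. Demonstrates the overflow check from
 * patch #10335 in isolation so it can be driven with boundary values. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <limits.h>
#include <sys/types.h>   /* ssize_t */

#ifndef SSIZE_MAX
/* Assumption: fall back to the largest positive value a ssize_t of the
 * same width as size_t can hold, for headers that omit SSIZE_MAX. */
#define SSIZE_MAX ((ssize_t)(((size_t)-1) >> 1))
#endif

typedef uint16_t u16_t;  /* lwIP's name for a 16-bit unsigned type */

/* Safe form: "recvd + copylen > SSIZE_MAX" rearranged as
 * "recvd > SSIZE_MAX - copylen". copylen is unsigned and at most
 * 65535, so the right-hand side can never underflow, and no signed
 * addition that could overflow is ever performed. */
static bool add_would_exceed_ssize_max(ssize_t recvd, u16_t copylen)
{
    return recvd > SSIZE_MAX - copylen;
}

/* Mirrors the clamp in the patch: shrink copylen so that
 * recvd + copylen lands exactly on SSIZE_MAX. The cast is lossless
 * because the check guarantees SSIZE_MAX - recvd < copylen <= 65535. */
static u16_t clamp_copylen(ssize_t recvd, u16_t copylen)
{
    if (add_would_exceed_ssize_max(recvd, copylen)) {
        /* overflow: recvd + copylen would exceed SSIZE_MAX */
        copylen = (u16_t)(SSIZE_MAX - recvd);
    }
    return copylen;
}

/* Hypothetical receive loop (not lwIP's): copy up to `segments`
 * segments of seg_len bytes each onto an existing count, clamping at
 * SSIZE_MAX and stopping once a segment had to be cut short. */
static ssize_t accumulate(ssize_t recvd, u16_t seg_len, int segments)
{
    for (int i = 0; i < segments; i++) {
        u16_t copylen = clamp_copylen(recvd, seg_len);
        recvd += copylen;          /* cannot overflow after the clamp */
        if (copylen < seg_len) {
            break;                 /* hit SSIZE_MAX; no room for more */
        }
    }
    return recvd;
}

int main(void)
{
    ssize_t near_max = SSIZE_MAX - 10;

    printf("clamp at SSIZE_MAX-10 with a 100-byte segment: %u\n",
           (unsigned)clamp_copylen(near_max, 100));
    printf("accumulated total: %ld (SSIZE_MAX is %ld)\n",
           (long)accumulate(near_max, 100, 5), (long)SSIZE_MAX);
    return 0;
}
```

Compile with optimisation enabled (for example `-O2`) to make the point of the patch concrete: the subtraction form keeps its meaning under every optimisation level, whereas a `recvd + copylen < recvd` test on a signed `recvd` may be folded to `false` by the compiler, since it is entitled to assume signed addition never wraps.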
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/patch/?10335>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/