[PATCH] D10634: Loss of Sign Checker
Soumitra Chatterjee
soumitra at yahoo.com
Mon Jul 6 00:56:58 PDT 2015
In http://reviews.llvm.org/D10634#198447, @danielmarjamaki wrote:
> ftp://ftp.sunet.se/pub/Linux/distributions/Debian/debian/pool/main/a/abcm2ps/abcm2ps_7.8.9.orig.tar.gz
> clang-tidy abcm2ps-7.8.9/deco.c
> deco.c:788:9: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> ps_x = -1;
Only a temporary assignment, before being assigned to "signed char" ps_func, and hence safe.
> ftp://ftp.sunet.se/pub/Linux/distributions/Debian/debian/pool/main/a/adolc/adolc_2.5.2.orig.tar.gz
> clang-tidy ADOL-C-2.5.2/ADOL-C/src/taping.c
> taping.c:914:12: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> number = lastTayP1 - ADOLC_CURRENT_TAPE_INFOS.tayBuffer;
This one indeed looks suspicious, since "number" is subsequently used to compute "chunks", which is being used as a loop control guard initialized with 0.
> ftp://ftp.sunet.se/pub/Linux/distributions/Debian/debian/pool/main/a/alsa-lib/alsa-lib_1.0.28.orig.tar.bz2
> clang-tidy alsa-lib-1.0.28/src/pcm/pcm_dsnoop.c
> pcm_dsnoop.c:60:20: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> snd_pcm_uframes_t ptr1 = -2LL /* invalid value */, ptr2;
This can be potentially problematic due to the subsequent equality check with "ptr2".
> ftp://ftp.sunet.se/pub/Linux/distributions/Debian/debian/pool/main/a/anubis/anubis_4.1.1+dfsg1.orig.tar.gz
> clang-tidy anubis-4.1.1+dfsg1/src/rcfile-lex.c
> rcfile-lex.c:1482:3: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> rc_yy_size_t new_size = (rc_yy_n_chars) + number_to_move + ((rc_yy_n_chars) >> 1);
Here, "new_size" is the target size of a realloc, which can go haywire if the assigned value was indeed negative.
> ftp://ftp.sunet.se/pub/Linux/distributions/Debian/debian/pool/main/a/atheme-services/atheme-services_7.0.7.orig.tar.bz2
> clang-tidy atheme-services-7.0.7/modules/groupserv/main/database.c
> database.c:9:21: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
> static unsigned int loading_gdbv = -1;
This is probably problematic, since a subsequent check "loading_gdbv >= 4" (in function "db_h_grp") will always be true, unless modified by an intervening assignment.
> clang-tidy atheme-services-7.0.7/libathemecore/reslib.c
> reslib.c:1093:13: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> n = labellen(cp - 1); /* XXX */
This looks safe to me.
> clang-tidy atheme-services-7.0.7/libmowgli-2/src/libmowgli/dns/dns_evloop_reslib.c
> dns_evloop_reslib.c:1011:8: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> n = labellen(cp - 1); /* XXX */
This looks safe to me.
> clang-tidy avfs-1.0.1/src/sysdeps.c
Looks like you missed mentioning the source.
I am assuming http://sourceforge.net/projects/avf/
> sysdeps.c:251:5: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> static avuid_t myuid = -1;
> ^
My understanding was that the above should cause the subsequent comparison with '-1' to fail, but it doesn't. Promotion?
It does fail in case of 'char' though.
> sysdeps.c:251:5: note: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior
>
> static avuid_t myuid = -1;
> ^
I thought I am only emitting a warning. Where is this "note" originating from? Can this duplicate diagnostic be suppressed?
> sysdeps.c:252:5: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> static avuid_t mygid = -1;
> ^
>
> sysdeps.c:252:5: note: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior
>
> static avuid_t mygid = -1;
> ^
Same as above.
> clang-tidy avfs-1.0.1/zlib/deflate.c
> deflate.c:1033:11: warning: assigning negative value to unsigned variable loses sign and may cause undesired runtime behavior [clang-analyzer-alpha.core.LossOfSignAssign]
>
> n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
Here, "n" is used to adjust the "lookahead", which is then compared with "MIN_MATCH". On assigning a negative value (in effect a huge positive value), the above comparison may fail.
http://reviews.llvm.org/D10634
More information about the cfe-commits
mailing list