[cfe-dev] A need for an "-fsanitize=integer-assign-overflow"

miroslav.fontan miroslav.fontan at wincor-nixdorf.cz
Tue Jan 21 04:46:19 PST 2014


I mean both types of overflow; in both cases the data are lost.

For testing I created a safe_cast template; I am attaching demo code and the same
results I would like to get from the code translated with the non-existent
"-fsanitize=integer-overflow-assign":

	/* unsigned -> signed, overflow */
	safe_cast<int8_t >(UINT32_MAX);
	safe_cast<int16_t>(UINT32_MAX);
	safe_cast<int32_t>(UINT32_MAX);
	/* unsigned -> signed, no overflow */
	safe_cast<int64_t>(UINT32_MAX);

	/* unsigned -> unsigned, overflow */
	safe_cast<uint8_t >(UINT64_MAX);
	safe_cast<uint16_t>(UINT64_MAX);
	safe_cast<uint32_t>(UINT64_MAX);
	/* unsigned -> unsigned, no overflow on 64bits */
	safe_cast<size_t  >(UINT64_MAX);
	/* unsigned -> unsigned, no overflow */
	safe_cast<uint64_t>(UINT64_MAX);

	/* signed -> unsigned, overflow */
	safe_cast<uint8_t >((-1));
	safe_cast<uint16_t>((-1));
	safe_cast<uint32_t>((-1));
	safe_cast<uint64_t>((-1));
	safe_cast<size_t  >((-1));

	/* signed -> signed, overflow */
	safe_cast<int8_t >(INT32_MIN);
	safe_cast<int16_t>(INT32_MIN);
	/* signed -> signed, no overflow */
	safe_cast<int32_t>(INT32_MIN);
	safe_cast<int64_t>(INT32_MIN);

> -----Original Message-----
> From: Yury Gribov [mailto:y.gribov at samsung.com]
> Sent: Tuesday, January 21, 2014 10:16 AM
> To: miroslav.fontan; 'David Blaikie'; 'Richard Smith'
> Cc: 'cfe-dev Developers'
> Subject: Re: [cfe-dev] A need for an "-fsanitize=integer-assign-
> overflow"
> 
> Are we talking about signed or unsigned overflows? Both may be useful
> but second isn't UB.
> 
>  > The question is whether it is worth implementing.
> 
> There are some CWEs for it:
> * CWE-197: Numeric Truncation Error
> (http://cwe.mitre.org/data/definitions/197.html)
> * CWE-192: Integer Coercion Error
> (http://cwe.mitre.org/data/definitions/192.html)
> 
> -Y
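
The cases listed in the demo above, with a safe_cast that actually performs the check, as an added example (not the template attached to the original mail). lossy_cast, g_lossy_count and run_demo are names chosen here, and the expected count of 13 flagged conversions assumes a 64-bit size_t:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// Added example, not the original poster's template. lossy_cast reports whether
// converting v to To changes its value (the condition the proposed sanitizer
// would diagnose). All comparisons happen in intmax_t/uintmax_t so the check
// itself never overflows or mixes signedness.
template <typename To, typename From>
bool lossy_cast(From v) {
    static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                  "integer types only");
    using L = std::numeric_limits<To>;
    if (std::is_signed<From>::value && std::is_signed<To>::value)  // signed -> signed
        return static_cast<intmax_t>(v) < static_cast<intmax_t>(L::min()) ||
               static_cast<intmax_t>(v) > static_cast<intmax_t>(L::max());
    if (std::is_signed<From>::value && static_cast<intmax_t>(v) < 0)
        return true;                                   // negative value -> unsigned target
    // Source is non-negative and To's max is non-negative: compare as unsigned.
    return static_cast<uintmax_t>(v) > static_cast<uintmax_t>(L::max());
}

static int g_lossy_count = 0;  // how many conversions were flagged (for the harness)

template <typename To, typename From>
To safe_cast(From v) {
    if (lossy_cast<To>(v)) {
        ++g_lossy_count;
        if (std::is_signed<From>::value)
            std::fprintf(stderr, "safe_cast: %jd does not fit in %sint%zu_t\n",
                         static_cast<intmax_t>(v), std::is_signed<To>::value ? "" : "u", sizeof(To) * 8);
        else
            std::fprintf(stderr, "safe_cast: %ju does not fit in %sint%zu_t\n",
                         static_cast<uintmax_t>(v), std::is_signed<To>::value ? "" : "u", sizeof(To) * 8);
    }
    return static_cast<To>(v);  // the lossy conversion the proposed flag would diagnose
}

// The 18 cases from the mail; returns how many were flagged (13 with a 64-bit size_t).
int run_demo() {
    g_lossy_count = 0;
    safe_cast<int8_t>(UINT32_MAX);  safe_cast<int16_t>(UINT32_MAX);  safe_cast<int32_t>(UINT32_MAX);
    safe_cast<int64_t>(UINT32_MAX);
    safe_cast<uint8_t>(UINT64_MAX); safe_cast<uint16_t>(UINT64_MAX); safe_cast<uint32_t>(UINT64_MAX);
    safe_cast<size_t>(UINT64_MAX);  safe_cast<uint64_t>(UINT64_MAX);
    safe_cast<uint8_t>(-1); safe_cast<uint16_t>(-1); safe_cast<uint32_t>(-1);
    safe_cast<uint64_t>(-1); safe_cast<size_t>(-1);
    safe_cast<int8_t>(INT32_MIN); safe_cast<int16_t>(INT32_MIN);
    safe_cast<int32_t>(INT32_MIN); safe_cast<int64_t>(INT32_MIN);
    return g_lossy_count;
}

int main() { std::printf("%d lossy conversions flagged\n", run_demo()); return 0; }
```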
