File: taint-divisor-pr113619.c

package info (click to toggle)
gcc-arm-none-eabi 15%3A14.2.rel1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,099,328 kB
  • sloc: cpp: 3,627,108; ansic: 2,571,498; ada: 834,230; f90: 235,082; makefile: 79,231; asm: 74,984; xml: 51,692; exp: 39,736; sh: 33,298; objc: 15,629; python: 15,069; fortran: 14,429; pascal: 7,003; awk: 5,070; perl: 3,106; ml: 285; lisp: 253; lex: 204; haskell: 135
file content (29 lines) | stat: -rw-r--r-- 789 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
/* Reduced from false positive in Linux kernel's fs/ceph/ioctl.c: */

__extension__ typedef unsigned long long __u64;

struct ceph_ioctl_layout
{
  __u64 stripe_unit, object_size;
};
static long
__validate_layout(struct ceph_ioctl_layout* l)
{
  if ((l->object_size & ~(~(((1UL) << 12) - 1))) ||
      (l->stripe_unit & ~(~(((1UL) << 12) - 1))) ||
      ((unsigned)l->stripe_unit != 0 &&
       ((unsigned)l->object_size % (unsigned)l->stripe_unit))) /* { dg-bogus "use of attacker-controlled value 'l.stripe_unit' as divisor without checking for zero" "PR analyzer/113619" } */
    return -22;
  return 0;
}

long
__attribute__((tainted_args))
ceph_ioctl_set_layout_policy(struct ceph_ioctl_layout l)
{
  int err;
  err = __validate_layout(&l);
  if (err)
    return err;
  return err;
}