forked from github/securitylab
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path00_MinIntNegate.ql
More file actions
29 lines (27 loc) · 825 Bytes
/
00_MinIntNegate.ql
File metadata and controls
29 lines (27 loc) · 825 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
/**
* @name 00_MinIntNegate
* @description Negating MIN_INT is an integer overflow
* @kind problem
* @id cpp/min-int-negate
* @problem.severity warning
*/
import cpp
import semmle.code.cpp.controlflow.Guards
// Find this pattern:
//
// ```
// if (x < 0) {
// x = -x;
// }
// ```
//
// If the value of `x` is `0x80000000` then this will not make the value of `x` positive.
from GuardCondition guard, BasicBlock block, UnaryMinusExpr unaryMinus, Variable v, Expr use
where
guard.(LTExpr).getLeftOperand() = v.getAnAccess() and
guard.(LTExpr).getRightOperand().getValue().toInt() = 0 and
guard.controls(block, true) and
block.contains(unaryMinus) and
unaryMinus.getOperand() = v.getAnAccess()
select unaryMinus, "If the value of $@ is MinInt then this assignment will not make it positive", v,
v.getName()