Skip to content

CID 498034: Overflowed return value (INTEGER_OVERFLOW)

Casting to size_t is wrong for 32 bit machines where sizeof(size_t) == sizeof(long). The sysconf man page even warns of this. Adjust the cast to a uint64_t. Also test for all possible negative values of pages and pagesize.

     _SC_PHYS_PAGES
             The number of pages of physical memory.  Note that it is possible that the product of this value and the
             value of _SC_PAGESIZE will overflow a long in some configurations on a 32bit machine.
39#if defined(_SC_PHYS_PAGES) && defined(_SC_PAGESIZE)
    	1. tainted_data_return: Called function sysconf(_SC_PHYS_PAGES), and a possible return value may be less than zero.
    	2. assign: Assigning: pages = sysconf(_SC_PHYS_PAGES).
40        long pages = sysconf(_SC_PHYS_PAGES);
41        long pagesize = sysconf(_SC_PAGESIZE);
42
    	3. Condition pages == -1, taking false branch.
    	4. Condition pagesize == -1, taking false branch.
43        if (pages == -1 || pagesize == -1) {
44                return (0);
45        }
46
    	5. overflow: The expression (size_t)pages * pagesize might be negative, but is used in a context that treats it as unsigned.
    	
CID 498034: (#1 of 1): Overflowed return value (INTEGER_OVERFLOW)
6. return_overflow: (size_t)pages * pagesize, which might have underflowed, is returned from the function.
47        return ((size_t)pages * pagesize);
48#endif /* if defined(_SC_PHYS_PAGES) && defined(_SC_PAGESIZE) */
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information