Skip to content

Commit 2e0a7f0

Browse files
tautschnigtautschnig
authored
Merge pull request #5258 from feliperodri/update-avoid-overflow
Avoids arithmetic overflow on signed to unsigned type conversions
2 parents 9ee5b9d + 4d715f1 commit 2e0a7f0

File tree

2 files changed

+29
-17
lines changed

2 files changed

+29
-17
lines changed

regression/cbmc-library/String6/test.desc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
CORE
22
main.c
3-
--pointer-check --bounds-check
3+
--pointer-check --bounds-check --conversion-check
44
^EXIT=0$
55
^SIGNAL=0$
66
^VERIFICATION SUCCESSFUL$

src/ansi-c/library/string.c

Lines changed: 28 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -357,8 +357,8 @@ __CPROVER_HIDE:;
357357

358358
inline int strcmp(const char *s1, const char *s2)
359359
{
360-
__CPROVER_HIDE:;
361-
#ifdef __CPROVER_STRING_ABSTRACTION
360+
__CPROVER_HIDE:;
361+
#ifdef __CPROVER_STRING_ABSTRACTION
362362
int retval;
363363
__CPROVER_precondition(__CPROVER_is_zero_string(s1),
364364
"strcmp zero-termination of 1st argument");
@@ -369,13 +369,16 @@ inline int strcmp(const char *s1, const char *s2)
369369
__CPROVER_assume(retval!=0);
370370

371371
return retval;
372-
#else
372+
#else
373373
__CPROVER_size_t i=0;
374374
unsigned char ch1, ch2;
375375
do
376376
{
377+
# pragma CPROVER check push
378+
# pragma CPROVER check disable "conversion"
377379
ch1=s1[i];
378380
ch2=s2[i];
381+
# pragma CPROVER check pop
379382

380383
if(ch1==ch2)
381384
{
@@ -389,7 +392,7 @@ inline int strcmp(const char *s1, const char *s2)
389392
}
390393
while(ch1!=0 && ch2!=0);
391394
return 0;
392-
#endif
395+
#endif
393396
}
394397

395398
/* FUNCTION: strcasecmp */
@@ -403,8 +406,8 @@ inline int strcmp(const char *s1, const char *s2)
403406

404407
inline int strcasecmp(const char *s1, const char *s2)
405408
{
406-
__CPROVER_HIDE:;
407-
#ifdef __CPROVER_STRING_ABSTRACTION
409+
__CPROVER_HIDE:;
410+
#ifdef __CPROVER_STRING_ABSTRACTION
408411
int retval;
409412
__CPROVER_precondition(__CPROVER_is_zero_string(s1),
410413
"strcasecmp zero-termination of 1st argument");
@@ -415,13 +418,16 @@ inline int strcasecmp(const char *s1, const char *s2)
415418
__CPROVER_assume(retval!=0);
416419

417420
return retval;
418-
#else
421+
#else
419422
__CPROVER_size_t i=0;
420423
unsigned char ch1, ch2;
421424
do
422425
{
426+
# pragma CPROVER check push
427+
# pragma CPROVER check disable "conversion"
423428
ch1=s1[i];
424429
ch2=s2[i];
430+
# pragma CPROVER check pop
425431

426432
if(ch1>='A' && ch1<='Z') ch1+=('a'-'A');
427433
if(ch2>='A' && ch2<='Z') ch2+=('a'-'A');
@@ -438,7 +444,7 @@ inline int strcasecmp(const char *s1, const char *s2)
438444
}
439445
while(ch1!=0 && ch2!=0);
440446
return 0;
441-
#endif
447+
#endif
442448
}
443449

444450
/* FUNCTION: strncmp */
@@ -452,23 +458,26 @@ inline int strcasecmp(const char *s1, const char *s2)
452458

453459
inline int strncmp(const char *s1, const char *s2, size_t n)
454460
{
455-
__CPROVER_HIDE:;
456-
#ifdef __CPROVER_STRING_ABSTRACTION
461+
__CPROVER_HIDE:;
462+
#ifdef __CPROVER_STRING_ABSTRACTION
457463
__CPROVER_precondition(__CPROVER_is_zero_string(s1) ||
458464
__CPROVER_buffer_size(s1)>=n,
459465
"strncmp zero-termination of 1st argument");
460466
__CPROVER_precondition(__CPROVER_is_zero_string(s2) ||
461467
__CPROVER_buffer_size(s2)>=n,
462468
"strncmp zero-termination of 2nd argument");
463-
#else
469+
#else
464470
__CPROVER_size_t i=0;
465471
unsigned char ch1, ch2;
466472
if(n == 0)
467473
return 0;
468474
do
469475
{
476+
# pragma CPROVER check push
477+
# pragma CPROVER check disable "conversion"
470478
ch1=s1[i];
471479
ch2=s2[i];
480+
# pragma CPROVER check pop
472481

473482
if(ch1==ch2)
474483
{
@@ -482,7 +491,7 @@ inline int strncmp(const char *s1, const char *s2, size_t n)
482491
}
483492
while(ch1!=0 && ch2!=0 && i<n);
484493
return 0;
485-
#endif
494+
#endif
486495
}
487496

488497
/* FUNCTION: strncasecmp */
@@ -496,23 +505,26 @@ inline int strncmp(const char *s1, const char *s2, size_t n)
496505

497506
inline int strncasecmp(const char *s1, const char *s2, size_t n)
498507
{
499-
__CPROVER_HIDE:;
500-
#ifdef __CPROVER_STRING_ABSTRACTION
508+
__CPROVER_HIDE:;
509+
#ifdef __CPROVER_STRING_ABSTRACTION
501510
int retval;
502511
__CPROVER_precondition(__CPROVER_is_zero_string(s1),
503512
"strncasecmp zero-termination of 1st argument");
504513
__CPROVER_precondition(__CPROVER_is_zero_string(s2),
505514
"strncasecmp zero-termination of 2nd argument");
506515
return retval;
507-
#else
516+
#else
508517
__CPROVER_size_t i=0;
509518
unsigned char ch1, ch2;
510519
if(n == 0)
511520
return 0;
512521
do
513522
{
523+
# pragma CPROVER check push
524+
# pragma CPROVER check disable "conversion"
514525
ch1=s1[i];
515526
ch2=s2[i];
527+
# pragma CPROVER check pop
516528

517529
if(ch1>='A' && ch1<='Z') ch1+=('a'-'A');
518530
if(ch2>='A' && ch2<='Z') ch2+=('a'-'A');
@@ -529,7 +541,7 @@ inline int strncasecmp(const char *s1, const char *s2, size_t n)
529541
}
530542
while(ch1!=0 && ch2!=0 && i<n);
531543
return 0;
532-
#endif
544+
#endif
533545
}
534546

535547
/* FUNCTION: strlen */

0 commit comments

Comments
 (0)