Repository :
http://git.fedorahosted.org/git/?p=secure-coding.git
On branch : master
---------------------------------------------------------------
commit e97e4dc0e06ef037b2042a251c17e1f4a66ccc66
Author: Florian Weimer <fweimer(a)redhat.com>
Date: Fri Jun 6 16:49:27 2014 +0200
C: Add example for unsigned overflow check
---------------------------------------------------------------
defensive-coding/en-US/C-Language.xml | 11 +++++++++++
...etic-mult.xml => C-Arithmetic-add_unsigned.xml} | 9 ++++++---
defensive-coding/src/C-Arithmetic-add.c | 14 ++++++++++++++
3 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/defensive-coding/en-US/C-Language.xml
b/defensive-coding/en-US/C-Language.xml
index b1eeec0..8f6f74d 100644
--- a/defensive-coding/en-US/C-Language.xml
+++ b/defensive-coding/en-US/C-Language.xml
@@ -103,8 +103,19 @@
<para>
Perform the calculation in the corresponding unsigned type
and use bit fiddling to detect the overflow.
+ <xref linkend="ex-Defensive_Coding-C-Arithmetic-add_unsigned"/>
+ shows how to perform an overflow check for unsigned integer
+ addition. For three or more terms, all the intermediate
+ additions have to be checked in this way.
</para>
</listitem>
+ </itemizedlist>
+ <example id="ex-Defensive_Coding-C-Arithmetic-add_unsigned">
+ <title>Overflow checking for unsigned addition</title>
+ <xi:include href="snippets/C-Arithmetic-add_unsigned.xml"
+
xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </example>
+ <itemizedlist>
<listitem>
<para>
Compute bounds for acceptable input values which are known
diff --git a/defensive-coding/en-US/snippets/C-Arithmetic-mult.xml
b/defensive-coding/en-US/snippets/C-Arithmetic-add_unsigned.xml
similarity index 68%
copy from defensive-coding/en-US/snippets/C-Arithmetic-mult.xml
copy to defensive-coding/en-US/snippets/C-Arithmetic-add_unsigned.xml
index ecb27a0..4ea1747 100644
--- a/defensive-coding/en-US/snippets/C-Arithmetic-mult.xml
+++ b/defensive-coding/en-US/snippets/C-Arithmetic-add_unsigned.xml
@@ -3,12 +3,15 @@
]>
<!-- Automatically generated file. Do not edit. -->
<programlisting language="C">
+void report_overflow(void);
+
unsigned
-mul(unsigned a, unsigned b)
+add_unsigned(unsigned a, unsigned b)
{
- if (b && a > ((unsigned)-1) / b) {
+ unsigned sum = a + b;
+ if (sum < a) { // or sum < b
report_overflow();
}
- return a * b;
+ return sum;
}
</programlisting>
diff --git a/defensive-coding/src/C-Arithmetic-add.c
b/defensive-coding/src/C-Arithmetic-add.c
index 3e70286..95b403e 100644
--- a/defensive-coding/src/C-Arithmetic-add.c
+++ b/defensive-coding/src/C-Arithmetic-add.c
@@ -15,3 +15,17 @@ add(int a, int b)
return result;
}
//-
+
+//+ C Arithmetic-add_unsigned
+void report_overflow(void);
+
+unsigned
+add_unsigned(unsigned a, unsigned b)
+{
+ unsigned sum = a + b;
+ if (sum < a) { // or sum < b
+ report_overflow();
+ }
+ return sum;
+}
+//-
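Review bot: `add_unsigned` still returns the wrapped `sum` after calling `report_overflow()`, so unless that function never returns, the caller receives a silently truncated result with no error indication. The declaration `void report_overflow(void);` does not pin that contract down; if it aborts the computation, declaring it `_Noreturn void report_overflow(void);` (C11, which the file's own prose targets) would make the reliance explicit and let the compiler check it. If instead it is meant only to log, say so on the declaration, e.g. `/* Must not return: add_unsigned() relies on it to abandon the computation. */`, since the snippet is what readers of the guide will copy. The check itself is correct for `unsigned int` because the addition cannot be promoted to a wider type; the same reliance presumably applies to the signed `add` above, whose body lies outside the hunk.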