title | description | ms.date |
---|---|---|
BadOverflowGuard (Supplemental Windows Driver CodeQL Query) | BadOverflowGuard a Supplemental Windows Driver CodeQL Query | 01/11/2021 |
Checking an addition for overflow by comparing the result against one of its operands fails if all the operand types are smaller than 4 bytes. This is because the operands, and therefore the result of the addition, are promoted to a 4-byte int, so the sum never wraps and the comparison is never true.
Check the overflow by comparing the addition against a value that is at least 4 bytes.
In this example, the comparison cannot detect the overflow, because `v + b` is promoted to a 32-bit int before it is compared with `v`:
```c
unsigned short CheckForInt16OverflowBadCode(unsigned short v, unsigned short b)
{
    if (v + b < v) // BUG: "v + b" will be promoted to 32 bits
    {
        // ... do something
    }
    return v + b;
}
```
To fix the bug, check the overflow by comparing the addition against a value that is at least 4 bytes:
```c
unsigned short CheckForInt16OverflowCorrectCode(unsigned short v, unsigned short b)
{
    if (v + b > 0x00FFFF)
    {
        // ... do something
    }
    return v + b;
}
```
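The following added example (not part of the original page or of the query repository) runs the flawed guard, the fix shown above, and a cast-based alternative over a grid of 16-bit inputs and counts how many real overflows each one misses. It assumes `int` is 32 bits; the function names, the `guard_stats` struct and the grid step are hypothetical choices made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed guard from the page: v and b are promoted to int, so the sum is
   computed in 32 bits and can never be smaller than v. */
static int bad_guard_fires(uint16_t v, uint16_t b) { return v + b < v; }

/* Fix shown on the page: compare the promoted sum with the 16-bit maximum. */
static int wide_guard_fires(uint16_t v, uint16_t b) { return v + b > 0xFFFF; }

/* Alternative fix (added here): truncate the sum to 16 bits, then compare. */
static int cast_guard_fires(uint16_t v, uint16_t b) { return (uint16_t)(v + b) < v; }

/* Hypothetical helper: store the sum and return 0, or return -1 on overflow. */
static int add_u16_checked(uint16_t v, uint16_t b, uint16_t *out)
{
    uint32_t sum = (uint32_t)v + b;      /* exact in 32 bits, cannot wrap */
    if (sum > UINT16_MAX) return -1;
    *out = (uint16_t)sum;
    return 0;
}

struct guard_stats { unsigned overflows, bad_missed, wide_missed, cast_missed; };

/* Walk a grid of (v, b) pairs and count the real overflows each guard misses. */
static struct guard_stats survey(unsigned step)
{
    struct guard_stats s = {0, 0, 0, 0};
    for (unsigned v = 0; v <= UINT16_MAX; v += step)
        for (unsigned b = 0; b <= UINT16_MAX; b += step) {
            uint16_t sum;
            if (add_u16_checked((uint16_t)v, (uint16_t)b, &sum) == 0)
                continue;                /* sum fits in 16 bits */
            s.overflows++;
            s.bad_missed  += !bad_guard_fires((uint16_t)v, (uint16_t)b);
            s.wide_missed += !wide_guard_fires((uint16_t)v, (uint16_t)b);
            s.cast_missed += !cast_guard_fires((uint16_t)v, (uint16_t)b);
        }
    return s;
}

int main(void)
{
    struct guard_stats s = survey(257);  /* constructed 256 x 256 input grid */
    printf("overflows=%u bad_missed=%u wide_missed=%u cast_missed=%u\n",
           s.overflows, s.bad_missed, s.wide_missed, s.cast_missed);
    return 0;
}
```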
This query can be found in the Microsoft GitHub CodeQL repository. See the CodeQL and the Static Tools Logo Test page for details on how Windows Driver developers can download and run CodeQL.