Sample of Defect

Project Name: GNUnet/gnunet
CID: 32783
Checker: CONSTANT_EXPRESSION_RESULT
Category: Integer handling issues
Developer Description: Prevents the code from picking the proper 2 GB memory allocation for very large quotas, possibly resulting in a very small (instead of very large) bit map being used, drastically reducing performance. However, more importantly, the bug is suitably subtle. (1<<31) is just 1 too big for a signed 32-bit int, and while the code works with all unsigned values, (1<<31) is first expanded from a negative signed 32-bit int to an unsigned 64-bit int and then compared.
File: /src/datastore/gnunet-service-datastore.c
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("No `%s' specified for `%s' in configuration!\n"),
                "DATABASE",
                "DATASTORE");
    return;
  }
  GNUNET_asprintf (&quota_stat_name,
                   _("# bytes used in file-sharing datastore `%s'"),
                   plugin_name);
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_size (cfg, "DATASTORE", "QUOTA", &quota))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("No `%s' specified for `%s' in configuration!\n"),
                "QUOTA",
                "DATASTORE");
    return;
  }
  stats = GNUNET_STATISTICS_create ("datastore", cfg);
  GNUNET_STATISTICS_set (stats, gettext_noop ("# quota"), quota, GNUNET_NO);
  cache_size = quota / 8;       /* Or should we make this an option? */
  GNUNET_STATISTICS_set (stats, gettext_noop ("# cache size"), cache_size,
                         GNUNET_NO);
 <<< CID 32783: Integer handling issues CONSTANT_EXPRESSION_RESULT
 <<< "quota / (32768ULL /* 32 * 1024LL */) > (18446744071562067968ULL /* 1 << 31 */)" is always false regardless of the values of its operands. This occurs as the logical operand of if.
  if (quota / (32 * 1024LL) > (1 << 31))
    bf_size = (1 << 31);          /* absolute limit: ~2 GB, beyond that BF just won't help anyway */
  else
    bf_size = quota / (32 * 1024LL);         /* 8 bit per entry, 1 bit per 32 kb in DB */
  fn = NULL;
  if ((GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_filename (cfg,
                                                "DATASTORE",
                                                "BLOOMFILTER",
                                                &fn)) ||
      (GNUNET_OK != GNUNET_DISK_directory_create_for_file (fn)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                _("Could not use specified filename `%s' for bloomfilter.\n"),
                NULL != fn ? fn : "");
    GNUNET_free_non_null (fn);
    fn = NULL;
  }
  if (NULL != fn)
  {
    GNUNET_asprintf (&pfn, "%s.%s", fn, plugin_name);
    if (GNUNET_YES == GNUNET_DISK_file_test (pfn))
    {
      filter = GNUNET_CONTAINER_bloomfilter_load (pfn, bf_size, 5);        /* approx. 3% false positives at max use */
      if (NULL == filter)
      {
        /* file exists but not valid, remove and try again, but refresh */
Events:
result_independent_of_operands gnunet-service-datastore.c:1805
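
The conversion the developer description walks through can be reproduced in isolation. The following is an added example, not GNUnet code and not the project's actual fix: the function names are hypothetical, `bf_size` is assumed to be a 32-bit unsigned value, and `INT32_MIN` stands in for what `(1 << 31)` evaluates to as a 32-bit signed int on common compilers.

```c
#include <stdint.h>
#include <stdio.h>

/* Value of `1 << 31` as a 32-bit signed int on common compilers (the shift
   itself overflows int, so it is spelled INT32_MIN here). */
#define SIGNED_LIMIT INT32_MIN
/* One possible correction: do the shift in an unsigned 64-bit type. */
#define UNSIGNED_LIMIT (1ULL << 31)

/* Mirrors the flagged comparison. The cast spells out the implicit
   conversion: negative int -> unsigned 64-bit = 18446744071562067968. */
static uint32_t bf_size_flagged (uint64_t quota)
{
  uint64_t bits = quota / (32 * 1024LL);   /* 1 bit per 32 kb in DB */

  if (bits > (uint64_t) SIGNED_LIMIT)      /* never true for any quota */
    return (uint32_t) UNSIGNED_LIMIT;
  return (uint32_t) bits;                  /* wraps once bits >= 2^32 */
}

/* Same logic with the limit kept unsigned, so the cap is reachable. */
static uint32_t bf_size_capped (uint64_t quota)
{
  uint64_t bits = quota / (32 * 1024ULL);

  if (bits > UNSIGNED_LIMIT)
    return (uint32_t) UNSIGNED_LIMIT;      /* absolute limit: ~2 GB */
  return (uint32_t) bits;
}

int main (void)
{
  /* Constructed sample quotas: 1 GiB, 100 TiB, 128 TiB. */
  const uint64_t quotas[] = { 1ULL << 30, 100ULL << 40, 1ULL << 47 };

  printf ("limit after conversion: %llu\n",
          (unsigned long long) (uint64_t) SIGNED_LIMIT);
  for (size_t i = 0; i < sizeof (quotas) / sizeof (quotas[0]); i++)
    printf ("quota=%llu flagged=%u capped=%u\n",
            (unsigned long long) quotas[i],
            (unsigned) bf_size_flagged (quotas[i]),
            (unsigned) bf_size_capped (quotas[i]));
  return 0;
}
```

For the 128 TiB quota the flagged version yields a size of 0 because the uncapped value wraps in 32 bits, which is the "very small instead of very large" outcome the description mentions.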