Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
GNUnet/gnunet | 32783 | CONSTANT_EXPRESSION_RESULT | Integer handling issues | Prevents the code from picking the proper 2 GB memory allocation for very large quotas, resulting in possibly a very small (instead of very large) bit map being used, drastically reducing performance. However, more importantly, the bug is suitably subtle. (1<<31) is just 1 too big for a signed 32-bit int, and while the code works with all unsigned values, (1<<31) is first expanded from a negative signed 32-bit int to an unsigned 64-bit int and then compared. |

```c
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("No `%s' specified for `%s' in configuration!\n"), "DATABASE",
                "DATASTORE");
    return;
  }
  GNUNET_asprintf (&quota_stat_name,
                   _("# bytes used in file-sharing datastore `%s'"),
                   plugin_name);
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_size (cfg, "DATASTORE", "QUOTA", &quota))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                _("No `%s' specified for `%s' in configuration!\n"), "QUOTA",
                "DATASTORE");
    return;
  }
  stats = GNUNET_STATISTICS_create ("datastore", cfg);
  GNUNET_STATISTICS_set (stats, gettext_noop ("# quota"), quota, GNUNET_NO);
  cache_size = quota / 8;       /* Or should we make this an option? */
  GNUNET_STATISTICS_set (stats, gettext_noop ("# cache size"), cache_size,
                         GNUNET_NO);
```

<<< CID 32783: Integer handling issues CONSTANT_EXPRESSION_RESULT <<< "quota / (32768ULL /* 32 * 1024LL */) > (18446744071562067968ULL /* 1 << 31 */)" is always false regardless of the values of its operands. This occurs as the logical operand of if.

```c
  /* gnunet-service-datastore.c:1805 */
  if (quota / (32 * 1024LL) > (1 << 31))
    bf_size = (1 << 31);        /* absolute limit: ~2 GB, beyond that BF just won't help anyway */
  else
    bf_size = quota / (32 * 1024LL);    /* 8 bit per entry, 1 bit per 32 kb in DB */
  fn = NULL;
  if ((GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_filename (cfg, "DATASTORE", "BLOOMFILTER",
                                                &fn)) ||
      (GNUNET_OK != GNUNET_DISK_directory_create_for_file (fn)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                _("Could not use specified filename `%s' for bloomfilter.\n"),
                NULL != fn ? fn : "");
    GNUNET_free_non_null (fn);
    fn = NULL;
  }
  if (NULL != fn)
  {
    GNUNET_asprintf (&pfn, "%s.%s", fn, plugin_name);
    if (GNUNET_YES == GNUNET_DISK_file_test (pfn))
    {
      filter = GNUNET_CONTAINER_bloomfilter_load (pfn, bf_size, 5);     /* approx. 3% false positives at max use */
      if (NULL == filter)
      {
        /* file exists but not valid, remove and try again, but refresh */
```

result_independent_of_operands | gnunet-service-datastore.c:1805 |
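
The sign extension named in the developer description, as an added example that is not GNUnet's code. The function names are hypothetical, `bf_size` is assumed to be a 32-bit `unsigned int` (its declaration is not shown above), and `bf_size_corrected` is one possible fix, not the project's.

```c
#include <stdint.h>
#include <stdio.h>

/* What (1 << 31) evaluates to as a 32-bit signed int on common
 * two's-complement targets; spelled INT32_MIN so this example itself
 * contains no overflowing shift. */
#define ONE_SHL_31_AS_INT ((int) INT32_MIN)

/* The right-hand side of the flagged comparison after conversion to
 * unsigned long long: the negative int is sign-extended. */
static unsigned long long
promoted_limit (void)
{
  return (unsigned long long) ONE_SHL_31_AS_INT;
}

/* Same shape as the flagged statement (assumed 32-bit bf_size). */
static unsigned int
bf_size_flagged (unsigned long long quota)
{
  if (quota / (32 * 1024LL) > promoted_limit ())
    return (unsigned int) ONE_SHL_31_AS_INT;    /* unreachable: lhs <= 2^49 */
  return (unsigned int) (quota / (32 * 1024LL)); /* high bits dropped */
}

/* Possible correction: keep the limit unsigned and 64-bit, clamp first. */
static unsigned int
bf_size_corrected (unsigned long long quota)
{
  const unsigned long long limit = 1ULL << 31;
  unsigned long long bits = quota / (32 * 1024ULL);

  return (unsigned int) (bits > limit ? limit : bits);
}

int
main (void)
{
  /* Constructed sample quotas: 1 GiB and 128 TiB. */
  unsigned long long quotas[] = { 1ULL << 30, 1ULL << 47 };

  printf ("promoted limit = %llu\n", promoted_limit ());
  for (int i = 0; i < 2; i++)
    printf ("quota=%llu flagged=%u corrected=%u\n", quotas[i],
            bf_size_flagged (quotas[i]), bf_size_corrected (quotas[i]));
  return 0;
}
```
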