Fixes an integer overflow in a helper class#759
Fixes an integer overflow in a helper class#759kaczmarczyck wants to merge 2 commits intogoogle:developfrom
Conversation
This was not exploitable as a vulnerability as far as I know. All inputs to the function are coming from configs, and are never user inputs.
Summary of ChangesHello @kaczmarczyck, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a potential integer overflow within the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request correctly fixes a potential integer overflow in find_address by using checked_add. The accompanying unit test effectively demonstrates the issue and verifies the fix. My review includes a minor suggestion to improve the readability of the new test case by adding a comment that explains why the chosen values trigger the overflow.
|
|
||
| #[test] | ||
| #[should_panic] | ||
| fn partition_find_address_overflow() { |
There was a problem hiding this comment.
I don't think this test is useful. We should instead fix ModRange::new() to panic if start + length overflows (or return an error but that would mean more changes).
There was a problem hiding this comment.
Some unit tests for ModRange check slices that overflow. I'd have to check if we rely on this behavior somewhere, or it makes something more robust. But the panic in ModRange would be a change in working existing behavior.
There was a problem hiding this comment.
This PR is also changing the existing behavior in almost exactly the same way. If start + length overflow for a range in find_address then it will overflow the same way in ModRange::new(). Also the documentation of ModRange is clear that it represents [start, start + length) which is nonsensical in case of overflow.
There was a problem hiding this comment.
ModRange is used more widely than Partition. So we can fix partition and make it robust, without touching ModRange.
ModRange::new does not overflow, so I think you mean it should have an end that wouldn't overflow?
pub fn new(start: usize, length: usize) -> ModRange {
ModRange { start, length }
}
I'm not sure why a ModRange that doesn't have an end within usize is not acceptable as is. Its public functions seem to not contradict this, e.g. intersects_range? Can't it represent [start, start + length) as the interval you know from Maths?
|
Discussed offline, not exploitable so not worth the change. |
3 participants
This was not exploitable as a vulnerability as far as I know. All inputs to the function are coming from configs, and are never user inputs.
The new unit test would have panicked without the fix.