Am 16.11.2015 um 19:13 schrieb Jeffrey Walton: > Hi Everyone, > > We cleared nearly all of the Coverity findings located at . good job with that one :) > > We have one left, but I am not sure how to proceed. Here is the text > from the finding:"CID 147829 (#1 of 1): Bad bit shift operation > (BAD_SHIFT)33. large_shift: In expression > ((temp >> j) & 1ULL) << this->t1 + j, left shifting by more than 63 > bits has undefined behavior. The shift amount, this->t1 + j, is as > much as 64." > > Here is the source code and line (just below line 710): > http://www.cryptopp.com/docs/ref/gf2n_8cpp_source.html#l00710 . > > I have not been able to duplicate it in practice, which means we can't > test the fix and we risk breaking things. > > My question is, how can we craft a test case to tickle that finding? > I've looked at the issue and my conclusion is that the system is making a mistake (may be wrong though).
It assumes that t1 may get up to 63 in step 27, it then goes through a standard-for-loop, noticing that j=0 < 1 = 64 - 63 in step 28 and 29, meaning we get back to the start of the loop (step 30) but now we increment to j=1 (step 31) and check if j = 1 < 1 = 64 - 63 (step 32), which is obviously false, so t1 + j couldn't get 63 + 1 (which results undefined behavior) but only 63 + 0 (which is allowed). BR JPM > Jeff > > -- > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to > cryptopp-users-unsubscr...@googlegroups.com. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google > Groups "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to cryptopp-users+unsubscr...@googlegroups.com > <mailto:cryptopp-users+unsubscr...@googlegroups.com>. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
