On Wed, Nov 16, 2016 at 12:06:39PM -0600, Nico Williams wrote:
> On Tue, Nov 15, 2016 at 09:38:11PM -0200, Bernardo Sulzbach wrote:
> > if( s1>7 && s2>7 ){
> > res = s1 - s2;
> > }else{
> > if( s1==s2 ){
> > // Accesses to aLen as mentioned above
> >
> > If s1 > 7 && s2 > 7 is fa
On Wed, Nov 16, 2016 at 10:52:13PM +0700, Dan Kennedy wrote:
> On 11/16/2016 05:53 AM, Nico Williams wrote:
> > [...]
> >
> > Anyways, the analysis from here is non-trivial, and I can't convince
> > myself that sNC.pNext will not be dereferenced.
>
> Thanks for taking the time to look into these.
On Tue, Nov 15, 2016 at 09:38:11PM -0200, Bernardo Sulzbach wrote:
> if( s1>7 && s2>7 ){
> res = s1 - s2;
> }else{
> if( s1==s2 ){
> // Accesses to aLen as mentioned above
>
> If s1 > 7 && s2 > 7 is false, then at least one of s1 and s2 is not above 7.
> If they are equal, then n
On 11/16/2016 05:53 AM, Nico Williams wrote:
I don't normally pay attention to warnings when compiling SQLite3, nor
to Coverity or other static analysis tools' output either, as I'm quite
aware that most of these are false positives and thus unwelcome noise
here.
However, I do sample them occasi
On 11/15/2016 08:53 PM, Nico Williams wrote:
Another one that I find difficult to analyze is a possible out-of-bounds
read in vdbeSorterCompareInt():
85712 static const u8 aLen[] = {0, 1, 2, 3, 4, 6, 8 };
85713 int i;
85714 res = 0;
85715 for(i=0; i0 && s1<7)
I don't normally pay attention to warnings when compiling SQLite3, nor
to Coverity or other static analysis tools' output either, as I'm quite
aware that most of these are false positives and thus unwelcome noise
here.
However, I do sample them occasionally, and though usually such reports
are fal
6 matches
Mail list logo
