iovisor / ubpf / 21422523864 / 1
78%
main: 78%

DEFAULT BRANCH: main
Ran
Files 68
Run time 3s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 58.942% (-0.04%) from 58.978%
21422523864.1

push

github

web-flow 
Fix integer overflow vulnerabilities in bounds_check (#720)

* Add integer overflow checks to bounds_check function

- Check for negative size values
- Check for overflow in access_start + size calculation
- Check for overflow in stack_start + stack_len calculation
- Check for overflow in mem_start + mem_len calculation
- Add test case for integer overflow scenario

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Address code review feedback - improve mem NULL handling

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add type cast for bounds check function call

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Fix goto jumping over variable initializers and relax test pattern

- Move all variable declarations before any goto statements to avoid -Wjump-misses-init errors
- Use validity flags (stack_valid, mem_valid) to track which regions are safe to check
- Relax test error pattern from specific hex format to .* for portability

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Fix pointer arithmetic overflow at call sites

Addresses comment 2733624376: The macros BOUNDS_CHECK_LOAD and BOUNDS_CHECK_STORE
now perform address computation safely in uint64_t space with overflow detection
before casting to void* and passing to bounds_check(). This prevents overflow in
the expression (char*)reg[inst.src] + inst.offset from bypassing the overflow
checks in bounds_check().

The fix handles both positive and negative offsets correctly:
- For positive offsets: check if base_addr + offset would overflow
- For negative offsets: check if base_addr - abs(offset) would underflow

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Use computed safe address in memory operations

Extract address computation into helper macro and use the safely computed
address (_eff_addr) in all memory load/store operations instead of reco... (continued)

3556 of 6033 relevant lines covered (58.94%)

14714.82 hits per line

Source Files on job run-Debug-ubuntu-24.04-arm-arm64 - 21422523864.1