Skip to content

Avoid integer divide by zero #1750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hassec merged 3 commits into from
Jun 30, 2021
Merged

Avoid integer divide by zero #1750

hassec merged 3 commits into from
Jun 30, 2021

Conversation

@kevinbackhouse
Copy link
Collaborator

@kevinbackhouse kevinbackhouse commented Jun 30, 2021

The main change here is to fix an integer divide by zero in src/minoltamn_int.cpp.

I also added some defensive coding to avoid the FPE that could be caused by 0x80000000/0xFFFFFFFF: rather than checking that the denominator is not zero, check that the denominator is greater than zero. I doubt that we are ever deliberately using negative denominators, so I think it should be a safe change.

@kevinbackhouse kevinbackhouse added the forward-to-main Forward changes in a 0.28.x PR to main with Mergify label Jun 30, 2021
@kevinbackhouse
Copy link
Collaborator Author

kevinbackhouse commented Jun 30, 2021

This is the CodeQL query that I used to search for integer divide operations:

import cpp
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis

from DivExpr div, Expr rhs
where
  rhs = div.getRightOperand() and
  div.getType() instanceof IntegralType and
  not (lowerBound(rhs) > 0 or upperBound(rhs) < 0) and
  not rhs instanceof SizeofOperator and
  exists(rhs.getLocation().getFile().getRelativePath())
select rhs, rhs.getType()

@kevinbackhouse kevinbackhouse mentioned this pull request Jun 30, 2021
Merged
hassec
hassec approved these changes Jun 30, 2021
View reviewed changes
Copy link
Member

@hassec hassec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 great stuff!

@hassec hassec merged commit cdec9dd into Exiv2:0.27-maintenance Jun 30, 2021
@hassec hassec added this to the v0.27.5 milestone Jun 30, 2021
@hassec hassec added the bug label Jun 30, 2021
@mergify mergify bot mentioned this pull request Jun 30, 2021
Merged
@clanmills clanmills mentioned this pull request Aug 9, 2021
Open
@kevinbackhouse kevinbackhouse deleted the Fix-GHSA-pvjp-m4f6-q984 branch August 11, 2021 15:02
@nehaljwani nehaljwani mentioned this pull request May 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hassec hassec hassec approved these changes

Assignees

No one assigned

Labels

bug forward-to-main Forward changes in a 0.28.x PR to main with Mergify

Projects

None yet

Milestone

v0.27.5

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinbackhouse @hassec