Last active
November 6, 2016 07:16
Gist: vlad902/99d2f889b7f34b793ebfc0b44560d27a
Find likely signed integer overflows with octopus/gremlin
// Cute octopus/gremlin query to find all expressions of the form 'foo < 0 ? foo : -foo'; these cases are
// likely to not take signed overflow into account, e.g. 0x80000000 (INT_MIN, the most negative 32-bit signed int) * -1 = 0x80000000.
// Children of a ConditionalExpression: childNum 0 is the condition, 1 the true branch, 2 the false branch.
// Both branches are compared with any "- " stripped; branches that start with a digit (constants) are skipped.
// The last step keeps nodes inside the condition whose code equals the shared operand.
g.V().has('type', 'ConditionalExpression')
.sideEffect { lval = g.V(it.get()).out(AST_EDGE).has('childNum', '1')[0].value('code').replace("- ", "") }
.filter { lval.matches("[^0-9].*") }
.sideEffect { rval = g.V(it.get()).out(AST_EDGE).has('childNum', '2')[0].value('code').replace("- ", "") }
.filter { lval == rval }
.out(AST_EDGE).has('childNum', '0').astNodes().filter { it.get().value('code') == lval }
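For triaging hits from this query, the C below shows the flagged shape next to two ways of fixing it. It is an added example, not part of the original gist; all function names (naive_abs, abs_unsigned, checked_abs, offset_in_bounds) are hypothetical, and it assumes a two's-complement int with no padding bits.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The shape the query flags. For x == INT_MIN, -x is not representable in
 * int: that is undefined behaviour in C, and on common two's-complement
 * targets the result is INT_MIN again, so the "absolute value" is negative. */
int naive_abs(int x) { return x < 0 ? -x : x; }

/* Fix 1: negate in unsigned arithmetic, which is defined modulo UINT_MAX + 1,
 * and return the magnitude as unsigned so INT_MIN has a representable result. */
unsigned int abs_unsigned(int x)
{
    return x < 0 ? 0u - (unsigned int)x : (unsigned int)x;
}

/* Fix 2: keep the int result but reject the one input that cannot be negated. */
bool checked_abs(int x, int *out)
{
    if (x == INT_MIN)
        return false;
    *out = x < 0 ? -x : x;
    return true;
}

/* A typical consumer (hypothetical): a signed offset whose magnitude must stay
 * below len. With naive_abs, INT_MIN would compare as a negative int here. */
bool offset_in_bounds(int offset, size_t len)
{
    return abs_unsigned(offset) < len;
}

int main(void)
{
    int v = 0;
    /* naive_abs is deliberately never called with INT_MIN. */
    printf("naive_abs(-7)            = %d\n", naive_abs(-7));
    printf("abs_unsigned(INT_MIN)    = %u\n", abs_unsigned(INT_MIN));
    printf("checked_abs(INT_MIN)     = %s\n", checked_abs(INT_MIN, &v) ? "ok" : "rejected");
    printf("offset_in_bounds(INT_MIN)= %s\n", offset_in_bounds(INT_MIN, 16) ? "yes" : "no");
    return 0;
}
```
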