I created object dumps for a handful of buffer error tests demonstrating CWE-680 and noticed that the integer overflow seems to be omitted by the compiler.
In the example below, the compiler has determined the result of the arithmetic operation (5587) and chosen to load the result into memory as an immediate (min_size_slSydPv is unused). Nothing seems to be overflowed.
// Arrive at N via overflow
size_t buf_size_CmHPguZGKhImu = min_size_sISydPv + ((~((size_t) 0)) - min_size_sISydPv + 5587) + 1;
105ea: 6785 lui a5,0x1
105ec: 5d378793 addi a5,a5,1491 # 15d3 <_PROCEDURE_LINKAGE_TABLE_-0xeecd>
105f0: f8f43423 sd a5,-120(s0)
Do you agree with this interpretation? If so, could the template be updated to demonstrate an overflow?
@austinhroach - For your awareness. I apologize for the delay in submitting this.
Copied over from https://github.com/DARPA-SSITH-Demonstrators/SSITH-FETT-Target/issues/1
@njshanahan wrote: