GaloisInc / BESSPIN-Tool-Suite

The core tool of the BESSPIN Framework.

CWE-680 Compiler Omits Integer Overflow (Was: CWE-680 Implementation Concern) #1130

Closed bboston7 closed 3 years ago

bboston7 commented 3 years ago

Copied over from https://github.com/DARPA-SSITH-Demonstrators/SSITH-FETT-Target/issues/1

@njshanahan wrote:

I created object dumps for a handful of buffer error tests demonstrating CWE-680 and noticed that the integer overflow seems to be omitted by the compiler.

In the example below, the compiler has determined the result of the arithmetic operation (5587) and chosen to load the result into memory as an immediate (min_size_slSydPv is unused). Nothing seems to be overflowed.

```c
// Arrive at N via overflow
size_t buf_size_CmHPguZGKhImu = min_size_sISydPv + ((~((size_t) 0)) - min_size_sISydPv + 5587) + 1;
```

```
   105ea:       6785                    lui     a5,0x1
   105ec:       5d378793                addi    a5,a5,1491 # 15d3 <_PROCEDURE_LINKAGE_TABLE_-0xeecd>
   105f0:       f8f43423                sd      a5,-120(s0)
```

Do you agree with this interpretation? If so, could the template be updated to demonstrate an overflow?

@austinhroach - For your awareness. I apologize for the delay in submitting this.
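As an added example (not code from the issue thread or the BESSPIN repository), the C program below reproduces the folding the disassembly above shows: the `lui a5,0x1` / `addi a5,a5,1491` pair materialises 0x15d3, which is 5587, so the optimizer has already reduced the whole expression to N. The expression `min + ((~(size_t)0) - min + N) + 1` is identically N modulo 2^(bits of size_t), so with a constant `min` there is nothing left to compute at run time. The example contrasts that form with two alternatives a test author or a defender would want: a `volatile` operand that forces the arithmetic (and its wraparound) to be executed, and a step-by-step version using the GCC/Clang `__builtin_*_overflow` intrinsics that reports the wraparound instead of relying on it. All function names and the sample value 0x10 are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not code from the issue or the BESSPIN repository.
 * The expression shape mirrors the template line quoted in the issue:
 *     min + ((~(size_t)0) - min + N) + 1
 * Modulo 2^(8*sizeof(size_t)) this is identically N, so when "min" is a
 * compile-time constant the optimizer folds the whole expression to the
 * immediate N and emits no arithmetic at all. */

#define TARGET_N ((size_t)5587)   /* the N from the issue's template */

/* 1. Foldable form: min_size is a constant, so an optimizing compiler will
 *    typically materialise TARGET_N directly (as in the lui/addi pair). */
size_t folded_size(size_t n) {
    size_t min_size = 0x10;               /* constructed sample value */
    return min_size + ((~((size_t)0)) - min_size + n) + 1;
}

/* 2. Run-time form: reading min_size through a volatile object hides its
 *    value from the optimizer, so the subtract/add sequence and its
 *    wraparound are actually executed. The result is still n. */
static volatile size_t opaque_min = 0x10; /* constructed sample value */

size_t runtime_size(size_t n) {
    size_t min_size = opaque_min;         /* opaque to the compiler */
    return min_size + ((~((size_t)0)) - min_size + n) + 1;
}

/* 3. Checked form: compute the same value step by step with the GCC/Clang
 *    overflow builtins and report whether any step wrapped. A caller that
 *    sizes a buffer can refuse to allocate when `overflowed` is set. */
struct size_calc {
    size_t value;
    int overflowed;
};

struct size_calc checked_size(size_t n, size_t min_size) {
    struct size_calc r = {0, 0};
    size_t t1, t2, t3;
    r.overflowed |= __builtin_sub_overflow(~((size_t)0), min_size, &t1);
    r.overflowed |= __builtin_add_overflow(t1, n, &t2);
    r.overflowed |= __builtin_add_overflow(min_size, t2, &t3);
    r.overflowed |= __builtin_add_overflow(t3, (size_t)1, &r.value);
    return r;
}

int main(void) {
    struct size_calc c = checked_size(TARGET_N, 0x10);
    printf("folded  : %zu\n", folded_size(TARGET_N));
    printf("runtime : %zu\n", runtime_size(TARGET_N));
    printf("checked : %zu (wrapped=%d)\n", c.value, c.overflowed);
    return 0;
}
```

Build with `-O2` and inspect `objdump -d` output to see `folded_size` reduce to a constant load while `runtime_size` still performs the subtraction and additions; at `-O0` both forms execute the arithmetic, which is why an object dump of an optimized build is the right place to check whether a CWE-680 test actually exercises the overflow. The `checked_size` form shows that the wraparound is inherent in the expression for every input (exactly one step always wraps), so a defensive implementation should detect it with the builtins rather than assume the fold or the wrap. Clang's `-fsanitize=unsigned-integer-overflow` will also flag the run-time form when it executes.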

rtadros125 commented 3 years ago

@njshanahan This is a good catch. Thank you. Will merge a fix soon.