fix: broaden unsigned comparison rule and avoid cast false positives #17

Open
9iang22 wants to merge 1 commit into 0xdea:main from 9iang22:fix/raptor-incorrect-unsigned-comparison
9iang22 (Contributor) commented Apr 10, 2026

Catch additional unsigned types (uint*_t) while excluding signed-cast comparisons

We will cast an unsigned int to a signed one and then compare it with zero to see if there is overflow, but Semgrep cannot detect the type cast with a typed metavariable.

The following code raises an FP in the original rule with a pattern like (size_t $E) >= 0.

    size_t a;
    if ((int32_t) a >= 0) {...}

PS: It seems like a bug in the Semgrep engine, but whatever, I set a whitelist pattern here to avoid such FPs.

Generalize raptor-incorrect-unsigned-comparison to catch additional unsigned types while excluding signed-cast comparisons. Add mixed and casted test cases to validate the new matching behavior.

0xdea (Owner) commented Apr 11, 2026

Thank you for the PR. Let me think some more about this one.

9iang22 (Contributor, Author) commented Apr 11, 2026

The current version also does not support typedef, but I don't know how to handle it with Semgrep gracefully.
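
Added example, not part of the PR or of the rule's test files: a C sketch of the comparison shapes discussed in this thread (tautological unsigned checks, the signed-cast check, and the typedef case). All function and type names are hypothetical, and it assumes a compiler where out-of-range unsigned-to-signed conversion wraps, as GCC and Clang do.

```c
/* Added illustration; every function and type name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t pkt_len_t; /* typedef that hides an unsigned type */

/* Tautology on the type the original pattern names: an unsigned value is
 * never negative, so the guard is always 1 and its error path is dead. */
int guard_size_t(size_t n) { return n >= 0; }

/* Same tautology on a fixed-width unsigned type (the uint*_t case). */
int guard_uint32(uint32_t n) { return n >= 0; }

/* Same tautology behind a typedef: the declared type name is pkt_len_t,
 * not an unsigned type name, which is the case the thread leaves open. */
int guard_typedef(pkt_len_t n) { return n >= 0; }

/* Shape from the PR description: the operand is cast to a signed type
 * first, so the comparison is a real test of bit 31. The out-of-range
 * conversion is implementation-defined in C; GCC and Clang wrap. */
int cast_guard(size_t n) { return (int32_t)n >= 0; }

int main(void)
{
    /* Constructed sample values. */
    printf("guard_size_t(SIZE_MAX)     = %d\n", guard_size_t(SIZE_MAX));
    printf("guard_uint32(UINT32_MAX)   = %d\n", guard_uint32(UINT32_MAX));
    printf("guard_typedef(0xFFFFFFFF)  = %d\n", guard_typedef(0xFFFFFFFFu));
    printf("cast_guard(0x7FFFFFFF)     = %d\n", cast_guard(0x7FFFFFFFu));
    printf("cast_guard(0x80000000)     = %d\n", cast_guard(0x80000000u));
    return 0;
}
```

The first three guards return 1 for every input, which is what the rule is meant to flag; only `cast_guard` can return 0, which is why flagging it is a false positive.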
