11506 smatch resync
*** 33,49 ****
int string;
};
struct param_info zero_one = {0, 1};
! static int handle_format(struct expression *call, char **pp, int *arg_nr)
{
struct expression *arg;
char *p = *pp;
int ret = 1;
char buf[256];
! sval_t max;
p++; /* we passed it with *p == '%' */
if (*p == '%') {
p++;
--- 33,49 ----
int string;
};
struct param_info zero_one = {0, 1};
! static int handle_format(struct expression *call, char **pp, int *arg_nr, bool use_max)
{
struct expression *arg;
char *p = *pp;
int ret = 1;
char buf[256];
! sval_t sval;
p++; /* we passed it with *p == '%' */
if (*p == '%') {
p++;
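Review bot: The new `use_max` parameter on `handle_format` is undocumented, and the return value now means either an upper or a lower bound on the rendered width depending on it. A short comment above the signature would save readers from tracing the body, e.g. `/* Returns the width of one conversion: the largest possible when use_max is true, otherwise a lower bound (a negative minimum is treated as 0). */`. The function body continues past this hunk.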
*** 139,165 ****
ret = 1;
p++;
goto out;
}
! get_absolute_max(arg, &max);
if (*p == 'x' || *p == 'X' || *p == 'p') {
! ret = snprintf(buf, sizeof(buf), "%llx", max.uvalue);
} else if (*p == 'u') {
! ret = snprintf(buf, sizeof(buf), "%llu", max.uvalue);
} else if (!expr_unsigned(arg)) {
sval_t min;
int tmp;
! ret = snprintf(buf, sizeof(buf), "%lld", max.value);
get_absolute_min(arg, &min);
tmp = snprintf(buf, sizeof(buf), "%lld", min.value);
if (tmp > ret)
ret = tmp;
} else {
! ret = snprintf(buf, sizeof(buf), "%lld", max.value);
}
p++;
out:
(*arg_nr)++;
--- 139,172 ----
ret = 1;
p++;
goto out;
}
! if (use_max) {
! get_absolute_max(arg, &sval);
! } else {
! get_absolute_min(arg, &sval);
! if (sval_is_negative(sval))
! sval.value = 0;
! }
+
if (*p == 'x' || *p == 'X' || *p == 'p') {
! ret = snprintf(buf, sizeof(buf), "%llx", sval.uvalue);
} else if (*p == 'u') {
! ret = snprintf(buf, sizeof(buf), "%llu", sval.uvalue);
} else if (!expr_unsigned(arg)) {
sval_t min;
int tmp;
! ret = snprintf(buf, sizeof(buf), "%lld", sval.value);
get_absolute_min(arg, &min);
tmp = snprintf(buf, sizeof(buf), "%lld", min.value);
if (tmp > ret)
ret = tmp;
} else {
! ret = snprintf(buf, sizeof(buf), "%lld", sval.value);
}
p++;
out:
(*arg_nr)++;
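Review bot: With `use_max` false, the signed branch (`else if (!expr_unsigned(arg))`) still calls `get_absolute_min(arg, &min)` and keeps the longer of the two renderings, so the clamp to 0 a few lines above is undone and the "minimum" width becomes that of the most negative value. For a 32-bit signed argument of unknown range, for example, that would be 11 characters where a single digit is possible. Any caller that treats the minimum as a guaranteed length (none are visible here) would then report overflows that need not occur. Making the second measurement conditional, `if (use_max) { get_absolute_min(arg, &min); tmp = snprintf(buf, sizeof(buf), "%lld", min.value); if (tmp > ret) ret = tmp; }`, leaves the maximum path unchanged. handle_format begins before this hunk and ends after it.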
*** 166,176 ****
out_no_arg:
*pp = p;
return ret;
}
! int get_formatted_string_size(struct expression *call, int arg)
{
struct expression *expr;
char *p;
int count;
--- 173,183 ----
out_no_arg:
*pp = p;
return ret;
}
! int get_formatted_string_size_helper(struct expression *call, int arg, bool use_max)
{
struct expression *expr;
char *p;
int count;
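Review bot: `get_formatted_string_size_helper` is defined with external linkage, although the two wrappers added further down in this file look like the intended entry points. Unless another translation unit calls it directly (not visible here), `static int get_formatted_string_size_helper(struct expression *call, int arg, bool use_max)` keeps the helper out of the global namespace. The function body continues past this hunk.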
*** 182,204 ****
count = 0;
p = expr->string->data;
while (*p) {
if (*p == '%') {
! count += handle_format(call, &p, &arg);
} else if (*p == '\\') {
p++;
}else {
p++;
count++;
}
}
- count++; /* count the NUL terminator */
return count;
}
static void match_not_limited(const char *fn, struct expression *call, void *info)
{
struct param_info *params = info;
struct range_list *rl;
struct expression *dest;
--- 189,220 ----
count = 0;
p = expr->string->data;
while (*p) {
if (*p == '%') {
! count += handle_format(call, &p, &arg, use_max);
} else if (*p == '\\') {
p++;
}else {
p++;
count++;
}
}
return count;
}
+ int get_formatted_string_size(struct expression *call, int arg)
+ {
+ return get_formatted_string_size_helper(call, arg, true);
+ }
+
+ int get_formatted_string_min_size(struct expression *call, int arg)
+ {
+ return get_formatted_string_size_helper(call, arg, false);
+ }
+
static void match_not_limited(const char *fn, struct expression *call, void *info)
{
struct param_info *params = info;
struct range_list *rl;
struct expression *dest;
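Review bot: `get_formatted_string_size()` keeps its name but no longer counts the terminator, because `count++; /* count the NUL terminator */` is dropped from the shared helper, and nothing at the two new wrappers says so. The caller later in this file is adjusted with its own `size++`, but any caller outside this diff that compares the result against a buffer size would now be one byte short and miss exact-fit overflows. A comment above both wrappers, such as `/* Returns the formatted length in bytes, excluding the NUL terminator. */`, would make the new contract visible. Callers in other files are not shown here and should be checked.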
*** 222,235 ****
buf_size = get_array_size_bytes(dest);
if (buf_size <= 0)
return;
size = get_formatted_string_size(call, params->string);
! if (size <= 0)
return;
if (size < offset)
size -= offset;
if (size <= buf_size)
return;
i = 0;
FOR_EACH_PTR(call->args, arg) {
--- 238,252 ----
buf_size = get_array_size_bytes(dest);
if (buf_size <= 0)
return;
size = get_formatted_string_size(call, params->string);
! if (size < 0)
return;
if (size < offset)
size -= offset;
+ size++; /* add the NULL terminator */
if (size <= buf_size)
return;
i = 0;
FOR_EACH_PTR(call->args, arg) {
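Review bot: The guard `if (size < offset) size -= offset;` subtracts only when the result is negative, so after `size++` such calls always satisfy `size <= buf_size` and return without a warning. `offset` is assigned outside this hunk, so its meaning is inferred; if it is the write offset into `dest`, the room left is smaller rather than the string shorter, and the check would read `if (size <= buf_size - offset)`. This predates the change, but since the commit reworks the lines on either side, it is worth confirming the intended direction or adding a comment that explains it.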