428 struct expression *val;
429
430 buf = get_argument_from_call_expr(expr->args, 0);
431 val = get_argument_from_call_expr(expr->args, 1);
432
433 buf = strip_expr(buf);
434 __struct_members_copy(COPY_MEMSET, expr, remove_addr(buf), val);
435 }
436
437 static void match_memcpy(const char *fn, struct expression *expr, void *_arg)
438 {
439 struct expression *dest;
440 struct expression *src;
441
442 dest = get_argument_from_call_expr(expr->args, 0);
443 src = get_argument_from_call_expr(expr->args, 1);
444
445 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(dest), remove_addr(src));
446 }
447
448 static void match_memcpy_unknown(const char *fn, struct expression *expr, void *_arg)
449 {
450 struct expression *dest;
451
452 dest = get_argument_from_call_expr(expr->args, 0);
453 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(dest), NULL);
454 }
455
456 static void match_sscanf(const char *fn, struct expression *expr, void *unused)
457 {
458 struct expression *arg;
459 int i;
460
461 i = -1;
462 FOR_EACH_PTR(expr->args, arg) {
463 if (++i < 2)
464 continue;
465 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(arg), NULL);
466 } END_FOR_EACH_PTR(arg);
467 }
531 arg = get_argument_from_call_expr(expr->args, param);
532 if (!arg)
533 return;
534
535 if (strcmp(value, "0") == 0)
536 __struct_members_copy(COPY_MEMSET, expr, remove_addr(arg), zero_expr());
537 else
538 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(arg), NULL);
539 }
540
541 void register_struct_assignment(int id)
542 {
543 add_function_hook("memset", &match_memset, NULL);
544 add_function_hook("__memset", &match_memset, NULL);
545
546 add_function_hook("memcpy", &match_memcpy, INT_PTR(0));
547 add_function_hook("memmove", &match_memcpy, INT_PTR(0));
548 add_function_hook("__memcpy", &match_memcpy, INT_PTR(0));
549 add_function_hook("__memmove", &match_memcpy, INT_PTR(0));
550
551 add_function_hook("sscanf", &match_sscanf, NULL);
552
553 add_hook(&unop_expr, OP_HOOK);
554 register_clears_param();
555 select_return_states_hook(PARAM_CLEARED, &db_param_cleared);
556
557 select_return_states_hook(CONTAINER, &returns_container_of);
558 }
|
428 struct expression *val;
429
430 buf = get_argument_from_call_expr(expr->args, 0);
431 val = get_argument_from_call_expr(expr->args, 1);
432
433 buf = strip_expr(buf);
434 __struct_members_copy(COPY_MEMSET, expr, remove_addr(buf), val);
435 }
436
437 static void match_memcpy(const char *fn, struct expression *expr, void *_arg)
438 {
439 struct expression *dest;
440 struct expression *src;
441
442 dest = get_argument_from_call_expr(expr->args, 0);
443 src = get_argument_from_call_expr(expr->args, 1);
444
445 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(dest), remove_addr(src));
446 }
447
448 static void match_memdup(const char *fn, struct expression *call_expr,
449 struct expression *expr, void *_unused)
450 {
451 struct expression *left, *right, *arg;
452
453 if (!expr || expr->type != EXPR_ASSIGNMENT)
454 return;
455
456 left = strip_expr(expr->left);
457 right = strip_expr(expr->right);
458
459 if (right->type != EXPR_CALL)
460 return;
461 arg = get_argument_from_call_expr(right->args, 0);
462 __struct_members_copy(COPY_MEMCPY, expr, left, arg);
463 }
464
465 static void match_memcpy_unknown(const char *fn, struct expression *expr, void *_arg)
466 {
467 struct expression *dest;
468
469 dest = get_argument_from_call_expr(expr->args, 0);
470 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(dest), NULL);
471 }
472
473 static void match_sscanf(const char *fn, struct expression *expr, void *unused)
474 {
475 struct expression *arg;
476 int i;
477
478 i = -1;
479 FOR_EACH_PTR(expr->args, arg) {
480 if (++i < 2)
481 continue;
482 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(arg), NULL);
483 } END_FOR_EACH_PTR(arg);
484 }
548 arg = get_argument_from_call_expr(expr->args, param);
549 if (!arg)
550 return;
551
552 if (strcmp(value, "0") == 0)
553 __struct_members_copy(COPY_MEMSET, expr, remove_addr(arg), zero_expr());
554 else
555 __struct_members_copy(COPY_MEMCPY, expr, remove_addr(arg), NULL);
556 }
557
558 void register_struct_assignment(int id)
559 {
560 add_function_hook("memset", &match_memset, NULL);
561 add_function_hook("__memset", &match_memset, NULL);
562
563 add_function_hook("memcpy", &match_memcpy, INT_PTR(0));
564 add_function_hook("memmove", &match_memcpy, INT_PTR(0));
565 add_function_hook("__memcpy", &match_memcpy, INT_PTR(0));
566 add_function_hook("__memmove", &match_memcpy, INT_PTR(0));
567
568 if (option_project == PROJ_KERNEL)
569 return_implies_state_sval("kmemdup", valid_ptr_min_sval, valid_ptr_max_sval, &match_memdup, NULL);
570
571 add_function_hook("sscanf", &match_sscanf, NULL);
572
573 add_hook(&unop_expr, OP_HOOK);
574 register_clears_param();
575 select_return_states_hook(PARAM_CLEARED, &db_param_cleared);
576
577 select_return_states_hook(CONTAINER, &returns_container_of);
578 }
|
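Review bot: match_memdup passes the kmemdup source argument to __struct_members_copy unchanged, while match_memcpy just above it wraps both operands in remove_addr(). If the helper expects the object rather than its address, a call of the form `p = kmemdup(&obj, ...)` would not carry obj's member states over to the duplicate, and checks that rely on that state would see the new buffer as unknown. __struct_members_copy is not visible on this page, so confirm which form it expects, then either change the call to `__struct_members_copy(COPY_MEMCPY, expr, left, remove_addr(arg));` or add a comment such as `/* left is the returned pointer and arg the source pointer; the helper does the dereference */`. The function would also benefit from a one-line header comment saying it runs only for the valid-pointer return range registered with return_implies_state_sval in register_struct_assignment, which appears to be why a NULL return from kmemdup needs no handling here.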