1 /*
   2  * Copyright (C) 2012 Oracle.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU General Public License
   6  * as published by the Free Software Foundation; either version 2
   7  * of the License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
  16  */
  17 
  18 #include "smatch.h"
  19 #include "smatch_extra.h"
  20 #include "smatch_slist.h"
  21 
  22 static int my_id;	/* id handed to check_cast_assign(); only stored, never read, in the code shown here */
  23 
  /*
   * Return the type that a dereferenced cast points to.
   *
   * Only expressions shaped like "*(cast)..." are accepted: expr must be a
   * unary '*' whose operand, after parentheses are stripped, is an EXPR_CAST.
   * For that shape the result is whatever get_pointer_type() reports for the
   * cast expression.  Any other shape, including a NULL expr, yields NULL.
   */
  static struct symbol *get_cast_type(struct expression *expr)
  {
          struct expression *operand;

          if (!expr)
                  return NULL;
          if (expr->type != EXPR_PREOP)
                  return NULL;
          if (expr->op != '*')
                  return NULL;

          /* Look through "*((type *)p)" style parentheses to reach the cast. */
          operand = strip_parens(expr->unop);
          if (operand->type == EXPR_CAST)
                  return get_pointer_type(operand);

          return NULL;
  }
  33 
  /*
   * ASSIGNMENT_HOOK callback: flag a store made through a cast pointer whose
   * target type is larger than the object the pointer refers to.
   *
   * For an assignment whose left side is "*(type *)ptr", the byte size of the
   * cast's target type is compared with the value get_array_size_bytes_min()
   * returns for the underlying pointer expression (presumably the smallest
   * size smatch can establish for that buffer; confirm against the helper).
   * A store wider than the object writes past its end, which is what the
   * "potential memory corrupting cast" warning reports.
   *
   * No warning is issued when the left side is not a dereferenced cast, when
   * the data size is not positive, or when the data is at least as large as
   * the cast type.  A cast size of zero or less therefore never warns either,
   * since any positive data size is >= it.
   */
  static void match_overflow(struct expression *expr)
  {
          struct symbol *cast_type = get_cast_type(expr->left);
          struct expression *base;
          int want_bytes;
          int have_bytes;

          if (!cast_type)
                  return;
          want_bytes = type_bytes(cast_type);

          /* get_cast_type() succeeded, so expr->left is a unary '*' with an operand. */
          base = strip_expr(expr->left->unop);
          have_bytes = get_array_size_bytes_min(base);

          /* Nothing to report without a positive size, or when the store fits. */
          if (have_bytes <= 0 || have_bytes >= want_bytes)
                  return;

          sm_warning("potential memory corrupting cast %d vs %d bytes",
                     want_bytes, have_bytes);
  }
  55 
  /*
   * Registration entry point for this check.
   *
   * Records the id it is given in my_id, then installs match_overflow() as an
   * ASSIGNMENT_HOOK handler so every assignment expression is examined for a
   * write through an over-wide cast.
   */
  void check_cast_assign(int id)
  {
          my_id = id;

          add_hook(match_overflow, ASSIGNMENT_HOOK);
  }
  61