1 /*
   2  * Copyright (C) 2011 Dan Carpenter.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU General Public License
   6  * as published by the Free Software Foundation; either version 2
   7  * of the License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
  16  */
  17 
  18 #include "smatch.h"
  19 
  20 static int my_id;
  21 
  22 static int get_data_size(struct expression *ptr)
  23 {
  24         struct symbol *type;
  25 
  26         type = get_type(ptr);
  27         if (!type || type->type != SYM_PTR)
  28                 return 0;
  29         type = get_base_type(type);
  30         if (!type)
  31                 return 0;
  32         return type_bytes(type);
  33 }
  34 
  35 static void check_size_matches(int data_size, struct expression *size_expr)
  36 {
  37         sval_t sval;
  38 
  39         if (data_size == 1)  /* this is generic a buffer */
  40                 return;
  41 
  42         if (!get_implied_value(size_expr, &sval))
  43                 return;
  44         if (sval_cmp_val(sval, data_size) != 0)
  45                 sm_warning("double check that we're allocating correct size: %d vs %s", data_size, sval_to_str(sval));
  46 }
  47 
  48 static void match_alloc(const char *fn, struct expression *expr, void *unused)
  49 {
  50         struct expression *call = strip_expr(expr->right);
  51         struct expression *arg;
  52         int ptr_size;
  53 
  54         ptr_size = get_data_size(expr->left);
  55         if (!ptr_size)
  56                 return;
  57 
  58         arg = get_argument_from_call_expr(call->args, 0);
  59         arg = strip_expr(arg);
  60         if (!arg || arg->type != EXPR_BINOP || arg->op != '*')
  61                 return;
  62         if (expr->left->type == EXPR_SIZEOF)
  63                 check_size_matches(ptr_size, arg->left);
  64         if (expr->right->type == EXPR_SIZEOF)
  65                 check_size_matches(ptr_size, arg->right);
  66 }
  67 
  68 static void match_calloc(const char *fn, struct expression *expr, void *_arg_nr)
  69 {
  70         int arg_nr = PTR_INT(_arg_nr);
  71         struct expression *call = strip_expr(expr->right);
  72         struct expression *arg;
  73         int ptr_size;
  74 
  75         ptr_size = get_data_size(expr->left);
  76         if (!ptr_size)
  77                 return;
  78 
  79         arg = get_argument_from_call_expr(call->args, arg_nr);
  80         check_size_matches(ptr_size, arg);
  81 }
  82 
  83 void check_kmalloc_wrong_size(int id)
  84 {
  85         my_id = id;
  86 
  87         if (option_project != PROJ_KERNEL) {
  88                 add_function_assign_hook("malloc", &match_alloc, NULL);
  89                 add_function_assign_hook("calloc", &match_calloc, INT_PTR(1));
  90                 return;
  91         }
  92 
  93         add_function_assign_hook("kmalloc", &match_alloc, NULL);
  94         add_function_assign_hook("kcalloc", &match_calloc, INT_PTR(1));
  95 }