1 /*
   2  * Copyright (C) 2010 Dan Carpenter.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU General Public License
   6  * as published by the Free Software Foundation; either version 2
   7  * of the License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
  16  */
  17 
  18 #include "smatch.h"
  19 #include "smatch_slist.h"
  20 #include "smatch_extra.h"
  21 
  22 static int my_id;
  23 
  24 static void ok_to_use(struct sm_state *sm, struct expression *mod_expr)
  25 {
  26         set_state(my_id, sm->name, sm->sym, &undefined);
  27 }
  28 
  29 static void match_snprintf(const char *fn, struct expression *expr, void *info)
  30 {
  31         struct expression *call;
  32         struct expression *arg;
  33         sval_t buflen;
  34 
  35         call = strip_expr(expr->right);
  36         arg = get_argument_from_call_expr(call->args, 1);
  37         if (!get_fuzzy_max(arg, &buflen))
  38                 return;
  39         set_state_expr(my_id, expr->left, alloc_state_num(buflen.value));
  40 }
  41 
  42 static int get_old_buflen(struct sm_state *sm)
  43 {
  44         struct sm_state *tmp;
  45         int ret = 0;
  46 
  47         FOR_EACH_PTR(sm->possible, tmp) {
  48                 if (PTR_INT(tmp->state->data) > ret)
  49                         ret = PTR_INT(tmp->state->data);
  50         } END_FOR_EACH_PTR(tmp);
  51         return ret;
  52 }
  53 
  54 static void match_call(struct expression *expr)
  55 {
  56         struct expression *arg;
  57         struct sm_state *sm;
  58         int old_buflen;
  59         sval_t max;
  60 
  61         FOR_EACH_PTR(expr->args, arg) {
  62                 sm = get_sm_state_expr(my_id, arg);
  63                 if (!sm)
  64                         continue;
  65                 old_buflen = get_old_buflen(sm);
  66                 if (!old_buflen)
  67                         return;
  68                 if (get_absolute_max(arg, &max) && sval_cmp_val(max, old_buflen) > 0)
  69                         sm_warning("'%s' returned from snprintf() might be larger than %d",
  70                                 sm->name, old_buflen);
  71         } END_FOR_EACH_PTR(arg);
  72 }
  73 
  74 void check_snprintf(int id)
  75 {
  76         if (option_project != PROJ_KERNEL)
  77                 return;
  78         if (!option_spammy)
  79                 return;
  80 
  81         my_id = id;
  82         add_hook(&match_call, FUNCTION_CALL_HOOK);
  83         add_function_assign_hook("snprintf", &match_snprintf, NULL);
  84         add_modification_hook(my_id, &ok_to_use);
  85 }
  86