52
53 if (expr->op != '=')
54 return;
55
56 if (!get_value(expr->right, &sval) || sval.value != 0)
57 return;
58
59 array = get_array_base(expr->left);
60 if (!array)
61 return;
62
63 type = get_type(array);
64 if (!type)
65 return;
66 type = get_real_base_type(type);
67 if (type != &char_ctype)
68 return;
69 set_terminated(array, &terminated);
70 }
71
72 static struct smatch_state *get_terminated_state(struct expression *expr)
73 {
74 struct sm_state *sm, *tmp;
75
76 if (!expr)
77 return NULL;
78 if (expr->type == EXPR_STRING)
79 return &terminated;
80 sm = get_sm_state_expr(my_id, expr);
81 if (!sm)
82 return NULL;
83 if (sm->state == &terminated || sm->state == &unterminated)
84 return sm->state;
85
86 FOR_EACH_PTR(sm->possible, tmp) {
87 if (tmp->state == &unterminated)
88 return &unterminated;
89 } END_FOR_EACH_PTR(tmp);
90
91 return NULL;
223
224 while (call->type == EXPR_ASSIGNMENT)
225 call = strip_expr(call->right);
226 if (call->type != EXPR_CALL)
227 return;
228
229 arg = get_argument_from_call_expr(call->args, param);
230 if (!arg)
231 return;
232 }
233
234 name = get_variable_from_key(arg, key, &sym);
235 if (!name || !sym)
236 goto free;
237
238 set_terminated_var_sym(name, sym, (*value == '1') ? &terminated : &unterminated);
239 free:
240 free_string(name);
241 }
242
243 bool is_nul_terminated(struct expression *expr)
244 {
245 if (get_terminated_state(expr) == &terminated)
246 return 1;
247 return 0;
248 }
249
250 static void match_strnlen_test(struct expression *expr)
251 {
252 struct expression *left, *tmp, *arg;
253 int cnt;
254
255 if (expr->type != EXPR_COMPARE)
256 return;
257 if (expr->op != SPECIAL_EQUAL && expr->op != SPECIAL_NOTEQUAL)
258 return;
259
260 left = strip_expr(expr->left);
261 cnt = 0;
262 while ((tmp = get_assigned_expr(left))) {
|
52
53 if (expr->op != '=')
54 return;
55
56 if (!get_value(expr->right, &sval) || sval.value != 0)
57 return;
58
59 array = get_array_base(expr->left);
60 if (!array)
61 return;
62
63 type = get_type(array);
64 if (!type)
65 return;
66 type = get_real_base_type(type);
67 if (type != &char_ctype)
68 return;
69 set_terminated(array, &terminated);
70 }
71
72 static struct smatch_state *get_terminated_state_var_sym(const char *name, struct symbol *sym)
73 {
74 struct sm_state *sm, *tmp;
75
76 sm = get_sm_state(my_id, name, sym);
77 if (!sm)
78 return NULL;
79 if (sm->state == &terminated || sm->state == &unterminated)
80 return sm->state;
81
82 FOR_EACH_PTR(sm->possible, tmp) {
83 if (tmp->state == &unterminated)
84 return &unterminated;
85 } END_FOR_EACH_PTR(tmp);
86
87 return NULL;
88 }
89
90 static struct smatch_state *get_terminated_state(struct expression *expr)
91 {
92 struct sm_state *sm, *tmp;
93
94 if (!expr)
95 return NULL;
96 if (expr->type == EXPR_STRING)
97 return &terminated;
98 sm = get_sm_state_expr(my_id, expr);
99 if (!sm)
100 return NULL;
101 if (sm->state == &terminated || sm->state == &unterminated)
102 return sm->state;
103
104 FOR_EACH_PTR(sm->possible, tmp) {
105 if (tmp->state == &unterminated)
106 return &unterminated;
107 } END_FOR_EACH_PTR(tmp);
108
109 return NULL;
241
242 while (call->type == EXPR_ASSIGNMENT)
243 call = strip_expr(call->right);
244 if (call->type != EXPR_CALL)
245 return;
246
247 arg = get_argument_from_call_expr(call->args, param);
248 if (!arg)
249 return;
250 }
251
252 name = get_variable_from_key(arg, key, &sym);
253 if (!name || !sym)
254 goto free;
255
256 set_terminated_var_sym(name, sym, (*value == '1') ? &terminated : &unterminated);
257 free:
258 free_string(name);
259 }
260
261 bool is_nul_terminated_var_sym(const char *name, struct symbol *sym)
262 {
263 if (get_terminated_state_var_sym(name, sym) == &terminated)
264 return 1;
265 return 0;
266 }
267
268 bool is_nul_terminated(struct expression *expr)
269 {
270 if (get_terminated_state(expr) == &terminated)
271 return 1;
272 return 0;
273 }
274
275 static void match_strnlen_test(struct expression *expr)
276 {
277 struct expression *left, *tmp, *arg;
278 int cnt;
279
280 if (expr->type != EXPR_COMPARE)
281 return;
282 if (expr->op != SPECIAL_EQUAL && expr->op != SPECIAL_NOTEQUAL)
283 return;
284
285 left = strip_expr(expr->left);
286 cnt = 0;
287 while ((tmp = get_assigned_expr(left))) {
|