Print this page
new smatch
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/tools/smatch/src/smatch_nul_terminator.c
+++ new/usr/src/tools/smatch/src/smatch_nul_terminator.c
1 1 /*
2 2 * Copyright (C) 2018 Oracle.
3 3 *
4 4 * This program is free software; you can redistribute it and/or
5 5 * modify it under the terms of the GNU General Public License
6 6 * as published by the Free Software Foundation; either version 2
7 7 * of the License, or (at your option) any later version.
8 8 *
9 9 * This program is distributed in the hope that it will be useful,
10 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 * GNU General Public License for more details.
13 13 *
14 14 * You should have received a copy of the GNU General Public License
15 15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 16 */
17 17
18 18 #include "smatch.h"
19 19 #include "smatch_slist.h"
20 20
21 21 static int my_id;
22 22 static int param_set_id;
23 23
24 24 STATE(terminated);
25 25 STATE(unterminated);
26 26 STATE(set);
27 27
28 28 static void set_terminated_var_sym(const char *name, struct symbol *sym, struct smatch_state *state)
29 29 {
30 30 if (get_param_num_from_sym(sym) >= 0)
31 31 set_state(param_set_id, name, sym, &set);
32 32 set_state(my_id, name, sym, state);
33 33 }
34 34
35 35 static void set_terminated(struct expression *expr, struct smatch_state *state)
36 36 {
37 37 struct symbol *sym;
38 38 char *name;
39 39
40 40 name = expr_to_var_sym(expr, &sym);
41 41 if (!name || !sym)
42 42 return;
43 43 set_terminated_var_sym(name, sym, state);
44 44 free_string(name);
45 45 }
46 46
47 47 static void match_nul_assign(struct expression *expr)
48 48 {
49 49 struct expression *array;
50 50 struct symbol *type;
51 51 sval_t sval;
52 52
53 53 if (expr->op != '=')
54 54 return;
55 55
56 56 if (!get_value(expr->right, &sval) || sval.value != 0)
57 57 return;
58 58
59 59 array = get_array_base(expr->left);
60 60 if (!array)
61 61 return;
|
↓ open down ↓ |
61 lines elided |
↑ open up ↑ |
62 62
63 63 type = get_type(array);
64 64 if (!type)
65 65 return;
66 66 type = get_real_base_type(type);
67 67 if (type != &char_ctype)
68 68 return;
69 69 set_terminated(array, &terminated);
70 70 }
71 71
72 +static struct smatch_state *get_terminated_state_var_sym(const char *name, struct symbol *sym)
73 +{
74 + struct sm_state *sm, *tmp;
75 +
76 + sm = get_sm_state(my_id, name, sym);
77 + if (!sm)
78 + return NULL;
79 + if (sm->state == &terminated || sm->state == &unterminated)
80 + return sm->state;
81 +
82 + FOR_EACH_PTR(sm->possible, tmp) {
83 + if (tmp->state == &unterminated)
84 + return &unterminated;
85 + } END_FOR_EACH_PTR(tmp);
86 +
87 + return NULL;
88 +}
89 +
72 90 static struct smatch_state *get_terminated_state(struct expression *expr)
73 91 {
74 92 struct sm_state *sm, *tmp;
75 93
76 94 if (!expr)
77 95 return NULL;
78 96 if (expr->type == EXPR_STRING)
79 97 return &terminated;
80 98 sm = get_sm_state_expr(my_id, expr);
81 99 if (!sm)
82 100 return NULL;
83 101 if (sm->state == &terminated || sm->state == &unterminated)
84 102 return sm->state;
85 103
86 104 FOR_EACH_PTR(sm->possible, tmp) {
87 105 if (tmp->state == &unterminated)
88 106 return &unterminated;
89 107 } END_FOR_EACH_PTR(tmp);
90 108
91 109 return NULL;
92 110 }
93 111
94 112 static void match_string_assign(struct expression *expr)
95 113 {
96 114 struct smatch_state *state;
97 115
98 116 if (expr->op != '=')
99 117 return;
100 118 state = get_terminated_state(expr->right);
101 119 if (!state)
102 120 return;
103 121 set_terminated(expr->left, state);
104 122 }
105 123
106 124 static int sm_to_term(struct sm_state *sm)
107 125 {
108 126 struct sm_state *tmp;
109 127
110 128 if (!sm)
111 129 return -1;
112 130 if (sm->state == &terminated)
113 131 return 1;
114 132
115 133 FOR_EACH_PTR(sm->possible, tmp) {
116 134 if (tmp->state == &unterminated)
117 135 return 0;
118 136 } END_FOR_EACH_PTR(tmp);
119 137
120 138 return -1;
121 139 }
122 140
123 141 static void struct_member_callback(struct expression *call, int param, char *printed_name, struct sm_state *sm)
124 142 {
125 143 int term;
126 144
127 145 term = sm_to_term(sm);
128 146 if (term < 0)
129 147 return;
130 148
131 149 sql_insert_caller_info(call, TERMINATED, param, printed_name, term ? "1" : "0");
132 150 }
133 151
134 152 static void match_call_info(struct expression *expr)
135 153 {
136 154 struct smatch_state *state;
137 155 struct expression *arg;
138 156 int i;
139 157
140 158 i = -1;
141 159 FOR_EACH_PTR(expr->args, arg) {
142 160 i++;
143 161
144 162 state = get_terminated_state(arg);
145 163 if (!state)
146 164 continue;
147 165 sql_insert_caller_info(expr, TERMINATED, i, "$",
148 166 (state == &terminated) ? "1" : "0");
149 167 } END_FOR_EACH_PTR(arg);
150 168 }
151 169
152 170 static void caller_info_terminated(const char *name, struct symbol *sym, char *key, char *value)
153 171 {
154 172 char fullname[256];
155 173
156 174 if (strcmp(key, "*$") == 0)
157 175 snprintf(fullname, sizeof(fullname), "*%s", name);
158 176 else if (strncmp(key, "$", 1) == 0)
159 177 snprintf(fullname, 256, "%s%s", name, key + 1);
160 178 else
161 179 return;
162 180
163 181 set_state(my_id, fullname, sym, (*value == '1') ? &terminated : &unterminated);
164 182 }
165 183
166 184 static void split_return_info(int return_id, char *return_ranges, struct expression *expr)
167 185 {
168 186 struct symbol *returned_sym;
169 187 struct sm_state *tmp, *sm;
170 188 const char *param_name;
171 189 int param;
172 190 int term;
173 191
174 192 FOR_EACH_MY_SM(param_set_id, __get_cur_stree(), tmp) {
175 193 sm = get_sm_state(my_id, tmp->name, tmp->sym);
176 194 if (!sm)
177 195 continue;
178 196 term = sm_to_term(sm);
179 197 if (term < 0)
180 198 continue;
181 199 param = get_param_num_from_sym(tmp->sym);
182 200 if (param < 0)
183 201 continue;
184 202
185 203 param_name = get_param_name(sm);
186 204 if (!param_name)
187 205 continue;
188 206 if (strcmp(param_name, "$") == 0)
189 207 continue;
190 208
191 209 sql_insert_return_states(return_id, return_ranges, TERMINATED,
192 210 param, param_name, term ? "1" : "0");
193 211 } END_FOR_EACH_SM(tmp);
194 212
195 213 returned_sym = expr_to_sym(expr);
196 214 if (!returned_sym)
197 215 return;
198 216
199 217 FOR_EACH_MY_SM(my_id, __get_cur_stree(), sm) {
200 218 if (sm->sym != returned_sym)
201 219 continue;
202 220 term = sm_to_term(sm);
203 221 if (term < 0)
204 222 continue;
205 223 param_name = get_param_name(sm);
206 224 if (!param_name)
207 225 continue;
208 226 sql_insert_return_states(return_id, return_ranges, TERMINATED,
209 227 -1, param_name, term ? "1" : "0");
210 228 } END_FOR_EACH_SM(sm);
211 229 }
212 230
213 231 static void return_info_terminated(struct expression *expr, int param, char *key, char *value)
214 232 {
215 233 struct expression *arg;
216 234 char *name;
217 235 struct symbol *sym;
218 236
219 237 if (param == -1) {
220 238 arg = expr->left;
221 239 } else {
222 240 struct expression *call = expr;
223 241
224 242 while (call->type == EXPR_ASSIGNMENT)
225 243 call = strip_expr(call->right);
226 244 if (call->type != EXPR_CALL)
227 245 return;
228 246
229 247 arg = get_argument_from_call_expr(call->args, param);
230 248 if (!arg)
231 249 return;
232 250 }
|
↓ open down ↓ |
151 lines elided |
↑ open up ↑ |
233 251
234 252 name = get_variable_from_key(arg, key, &sym);
235 253 if (!name || !sym)
236 254 goto free;
237 255
238 256 set_terminated_var_sym(name, sym, (*value == '1') ? &terminated : &unterminated);
239 257 free:
240 258 free_string(name);
241 259 }
242 260
261 +bool is_nul_terminated_var_sym(const char *name, struct symbol *sym)
262 +{
263 + if (get_terminated_state_var_sym(name, sym) == &terminated)
264 + return 1;
265 + return 0;
266 +}
267 +
243 268 bool is_nul_terminated(struct expression *expr)
244 269 {
245 270 if (get_terminated_state(expr) == &terminated)
246 271 return 1;
247 272 return 0;
248 273 }
249 274
250 275 static void match_strnlen_test(struct expression *expr)
251 276 {
252 277 struct expression *left, *tmp, *arg;
253 278 int cnt;
254 279
255 280 if (expr->type != EXPR_COMPARE)
256 281 return;
257 282 if (expr->op != SPECIAL_EQUAL && expr->op != SPECIAL_NOTEQUAL)
258 283 return;
259 284
260 285 left = strip_expr(expr->left);
261 286 cnt = 0;
262 287 while ((tmp = get_assigned_expr(left))) {
263 288 if (cnt++ > 3)
264 289 break;
265 290 left = tmp;
266 291 }
267 292
268 293 if (left->type != EXPR_CALL)
269 294 return;
270 295 if (!sym_name_is("strnlen", left->fn))
271 296 return;
272 297 arg = get_argument_from_call_expr(left->args, 0);
273 298 set_true_false_states_expr(my_id, arg,
274 299 (expr->op == SPECIAL_EQUAL) ? &terminated : NULL,
275 300 (expr->op == SPECIAL_NOTEQUAL) ? &terminated : NULL);
276 301 if (get_param_num(arg) >= 0)
277 302 set_true_false_states_expr(param_set_id, arg,
278 303 (expr->op == SPECIAL_EQUAL) ? &terminated : NULL,
279 304 (expr->op == SPECIAL_NOTEQUAL) ? &terminated : NULL);
280 305 }
281 306
282 307 void register_nul_terminator(int id)
283 308 {
284 309 my_id = id;
285 310
286 311 add_hook(&match_nul_assign, ASSIGNMENT_HOOK);
287 312 add_hook(&match_string_assign, ASSIGNMENT_HOOK);
288 313
289 314 add_hook(&match_call_info, FUNCTION_CALL_HOOK);
290 315 add_member_info_callback(my_id, struct_member_callback);
291 316 add_split_return_callback(&split_return_info);
292 317
293 318 select_caller_info_hook(caller_info_terminated, TERMINATED);
294 319 select_return_states_hook(TERMINATED, return_info_terminated);
295 320
296 321 add_hook(&match_strnlen_test, CONDITION_HOOK);
297 322 }
298 323
299 324 void register_nul_terminator_param_set(int id)
300 325 {
301 326 param_set_id = id;
302 327 }
|
↓ open down ↓ |
50 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX