11506 smatch resync
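/*
 * Copyright (C) 2014 Oracle.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */

/*
 * Flags code that treats a byte buffer as a struct when the buffer may be
 * smaller than the struct.
 *
 * On assignment, a pointer-to-struct that is assigned from a void pointer
 * or a pointer to an 8-bit type is marked "too_small" when the array size
 * reported for the buffer is below the struct size and the buffer's size
 * variable has an absolute minimum below the struct size.  On dereference
 * of a marked pointer the minimum is checked again and a warning is
 * printed.  Accessing fields through such a pointer can touch memory past
 * the end of the buffer.
 *
 * The check only fires when get_size_variable() knows a size variable for
 * the buffer with limit type ELEM_COUNT, so the absence of a warning is
 * not evidence that a cast is safe.
 */

#include "smatch.h"

static int my_id;

STATE(too_small);

/*
 * Return the struct type that @expr points to, or NULL when @expr has no
 * type, is not a pointer, or does not point to a struct.
 */
static struct symbol *get_pointed_struct(struct expression *expr)
{
	struct symbol *type;

	type = get_type(expr);
	if (!type || type->type != SYM_PTR)
		return NULL;
	type = get_real_base_type(type);
	if (!type || type->type != SYM_STRUCT)
		return NULL;
	return type;
}

/*
 * Return non-zero when the size variable tied to @buf has an absolute
 * minimum below type_bytes(@struct_type); that minimum is stored in
 * @min_size.  Returns 0 (leaving @min_size unset) when no size variable is
 * known or its limit type is not ELEM_COUNT.
 */
static int min_size_below_struct(struct expression *buf,
				 struct symbol *struct_type,
				 sval_t *min_size)
{
	struct expression *size_expr;
	int limit_type;

	size_expr = get_size_variable(buf, &limit_type);
	if (!size_expr)
		return 0;
	/*
	 * NOTE(review): ELEM_COUNT is presumably an element count; callers
	 * only pass byte-sized or void buffers, so it is compared against a
	 * byte size directly - confirm against get_size_variable().
	 */
	if (limit_type != ELEM_COUNT)
		return 0;

	get_absolute_min(size_expr, min_size);
	return min_size->value < type_bytes(struct_type);
}

/*
 * ASSIGNMENT_HOOK callback: mark the left side "too_small" when a struct
 * pointer is assigned from a byte/void buffer that may be smaller than the
 * struct.  Nothing is reported here; the warning is issued on dereference.
 */
static void match_assign(struct expression *expr)
{
	struct symbol *left_type, *right_type;
	sval_t min_size;
	int bytes;

	left_type = get_pointed_struct(expr->left);
	if (!left_type)
		return;

	right_type = get_type(expr->right);
	if (!right_type || right_type->type != SYM_PTR)
		return;
	right_type = get_real_base_type(right_type);
	if (!right_type)
		return;
	/* Only void pointers and pointers to 8-bit types are of interest. */
	if (right_type != &void_ctype && type_bits(right_type) != 8)
		return;

	/* Nothing to flag if the reported array size covers the struct. */
	bytes = get_array_size_bytes(expr->right);
	if (bytes >= type_bytes(left_type))
		return;

	if (!min_size_below_struct(expr->right, left_type, &min_size))
		return;

	set_state_expr(my_id, expr->left, &too_small);
}

/*
 * DEREF_HOOK callback: warn when a pointer marked "too_small" is
 * dereferenced and the buffer it was assigned from still has a minimum
 * size below the struct size.
 */
static void match_dereferences(struct expression *expr)
{
	struct symbol *left_type;
	struct expression *right;
	struct smatch_state *state;
	char *name;
	sval_t min_size;

	if (expr->type != EXPR_PREOP)
		return;

	expr = strip_expr(expr->unop);
	state = get_state_expr(my_id, expr);
	if (state != &too_small)
		return;

	left_type = get_pointed_struct(expr);
	if (!left_type)
		return;

	/*
	 * Without a recorded assignment there is no buffer to measure.
	 * Bail out here instead of handing NULL to get_size_variable() and
	 * expr_to_str() and relying on them to tolerate it.
	 */
	right = get_assigned_expr(expr);
	if (!right)
		return;

	if (!min_size_below_struct(right, left_type, &min_size))
		return;

	name = expr_to_str(right);
	sm_warning("is '%s' large enough for 'struct %s'? %s", name,
		   left_type->ident ? left_type->ident->name : "<anon>",
		   sval_to_str(min_size));
	free_string(name);
	/*
	 * Clear the mark so later dereferences of the same expression take
	 * the early return on the state check above.
	 */
	set_state_expr(my_id, expr, &undefined);
}

/*
 * Register the check: store the id assigned to it and hook assignments
 * and dereferences.
 */
void check_buffer_too_small_for_struct(int id)
{
	my_id = id;

	add_hook(&match_assign, ASSIGNMENT_HOOK);
	add_hook(&match_dereferences, DEREF_HOOK);
}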