11506 smatch resync

*** 31,79 **** { struct expression *array; struct expression *size; struct expression *offset; char *array_str, *offset_str; expr = strip_expr(expr); if (!is_array(expr)) return; array = get_array_base(expr); ! size = get_size_variable(array); ! if (!size) return; offset = get_array_offset(expr); if (!possible_comparison(size, SPECIAL_EQUAL, offset)) return; array_str = expr_to_str(array); offset_str = expr_to_str(offset); sm_warning("potentially one past the end of array '%s[%s]'", array_str, offset_str); free_string(array_str); free_string(offset_str); } - static int known_access_ok_comparison(struct expression *expr) - { - struct expression *array; - struct expression *size; - struct expression *offset; - int comparison; - - array = get_array_base(expr); - size = get_size_variable(array); - if (!size) - return 0; - offset = get_array_offset(expr); - comparison = get_comparison(size, offset); - if (comparison == '>' || comparison == SPECIAL_UNSIGNED_GT) - return 1; - - return 0; - } - static int known_access_ok_numbers(struct expression *expr) { struct expression *array; struct expression *offset; sval_t max; --- 31,64 ---- { struct expression *array; struct expression *size; struct expression *offset; char *array_str, *offset_str; + int limit_type; expr = strip_expr(expr); if (!is_array(expr)) return; array = get_array_base(expr); ! size = get_size_variable(array, &limit_type); ! if (!size || limit_type != ELEM_COUNT) return; offset = get_array_offset(expr); if (!possible_comparison(size, SPECIAL_EQUAL, offset)) return; + if (buf_comparison_index_ok(expr)) + return; + array_str = expr_to_str(array); offset_str = expr_to_str(offset); sm_warning("potentially one past the end of array '%s[%s]'", array_str, offset_str); free_string(array_str); free_string(offset_str); } static int known_access_ok_numbers(struct expression *expr) { struct expression *array; struct expression *offset; sval_t max;
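Review bot: The new `if (!size || limit_type != ELEM_COUNT) return;` guard makes the one-past-the-end check return silently for every size variable that is not an element count, and nothing in the hunk says why that is safe. If `get_size_variable` (defined outside this page) can report a byte-count limit for a byte-sized buffer, an index equal to that limit is still one past the end and the warning would be lost. I would at least add a comment above the guard, e.g. `/* only element-count limits can be compared to an index directly; byte counts are skipped */`, or handle the element-size-1 case explicitly. `limit_type` is declared uninitialised and is only safe to read if the callee writes it whenever it returns non-NULL, which is worth stating next to the declaration. The deleted `known_access_ok_comparison` accepted only `'>'` and `SPECIAL_UNSIGNED_GT`; since `buf_comparison_index_ok` replaces it here and in the second hunk without its body being visible, confirm it is no more permissive, because every early return in this checker is a suppressed out-of-bounds warning.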
*** 106,116 **** if (!is_array(expr)) return; if (known_access_ok_numbers(expr)) return; ! if (known_access_ok_comparison(expr)) return; array = get_array_base(expr); offset = get_array_offset(expr); offset_name = expr_to_var(offset); --- 91,101 ---- if (!is_array(expr)) return; if (known_access_ok_numbers(expr)) return; ! if (buf_comparison_index_ok(expr)) return; array = get_array_base(expr); offset = get_array_offset(expr); offset_name = expr_to_var(offset);