Print this page
11506 smatch resync
*** 328,339 ****
static int get_bytes_from_address(struct expression *expr)
{
struct symbol *type;
int ret;
- if (!option_spammy)
- return 0;
if (expr->type != EXPR_PREOP || expr->op != '&')
return 0;
type = get_type(expr);
if (!type)
return 0;
--- 328,337 ----
*** 504,513 ****
--- 502,515 ----
if (size <= 0)
return NULL;
return alloc_int_rl(size - offset.value);
}
+ size = get_stored_size_end_struct_bytes(expr);
+ if (size)
+ return alloc_int_rl(size);
+
/* buf[4] */
size = get_real_array_size(expr);
if (size)
return alloc_int_rl(elements_to_bytes(expr, size));
*** 514,527 ****
/* buf = malloc(1024); */
ret = get_stored_size_bytes(expr);
if (ret)
return ret;
- size = get_stored_size_end_struct_bytes(expr);
- if (size)
- return alloc_int_rl(size);
-
/* char *foo = "BAR" */
size = get_size_from_initializer(expr);
if (size)
return alloc_int_rl(elements_to_bytes(expr, size));
--- 516,525 ----
*** 709,729 ****
}
static void match_calloc(const char *fn, struct expression *expr, void *unused)
{
struct expression *right;
! struct expression *arg;
! sval_t elements;
! sval_t size;
right = strip_expr(expr->right);
! arg = get_argument_from_call_expr(right->args, 0);
! if (!get_implied_value(arg, &elements))
! return; // FIXME!!!
! arg = get_argument_from_call_expr(right->args, 1);
! if (get_implied_value(arg, &size))
! store_alloc(expr->left, size_to_rl(elements.value * size.value));
else
store_alloc(expr->left, size_to_rl(-1));
}
static void match_page(const char *fn, struct expression *expr, void *_unused)
--- 707,725 ----
}
static void match_calloc(const char *fn, struct expression *expr, void *unused)
{
struct expression *right;
! struct expression *size, *nr, *mult;
! struct range_list *rl;
right = strip_expr(expr->right);
! nr = get_argument_from_call_expr(right->args, 0);
! size = get_argument_from_call_expr(right->args, 1);
! mult = binop_expression(nr, '*', size);
! if (get_implied_rl(mult, &rl))
! store_alloc(expr->left, rl);
else
store_alloc(expr->left, size_to_rl(-1));
}
static void match_page(const char *fn, struct expression *expr, void *_unused)
*** 871,880 ****
--- 867,878 ----
void register_buf_size(int id)
{
my_size_id = id;
+ set_dynamic_states(my_size_id);
+
add_unmatched_state_hook(my_size_id, &unmatched_size_state);
select_caller_info_hook(set_param_buf_size, BUF_SIZE);
select_return_states_hook(BUF_SIZE, &db_returns_buf_size);
add_split_return_callback(print_returned_allocations);
*** 906,915 ****
--- 904,916 ----
add_allocation_function("krealloc", &match_alloc, 1);
add_allocation_function("__alloc_bootmem", &match_alloc, 0);
add_allocation_function("alloc_bootmem", &match_alloc, 0);
add_allocation_function("kmap", &match_page, 0);
add_allocation_function("get_zeroed_page", &match_page, 0);
+ add_allocation_function("alloc_page", &match_page, 0);
+ add_allocation_function("page_address", &match_page, 0);
+ add_allocation_function("lowmem_page_address", &match_page, 0);
add_allocation_function("alloc_pages", &match_alloc_pages, 1);
add_allocation_function("alloc_pages_current", &match_alloc_pages, 1);
add_allocation_function("__get_free_pages", &match_alloc_pages, 1);
}