264 return;
265
266 data = get_constraint_str(state->data);
267 if (!data)
268 return;
269
270 limit = get_constraint_str(expr->left);
271 if (!limit)
272 goto free_data;
273
274 sql_save_constraint_required(data, '<', limit);
275
276 free_string(limit);
277 free_data:
278 free_string(data);
279 }
280
281 static void match_assign_has_buf_comparison(struct expression *expr)
282 {
283 struct expression *size;
284
285 if (expr->op != '=')
286 return;
287 if (expr->right->type == EXPR_CALL)
288 return;
289 size = get_size_variable(expr->right);
290 if (!size)
291 return;
292 match_alloc_helper(expr->left, size, 1);
293 }
294
295 static void match_assign_data(struct expression *expr)
296 {
297 struct expression *right, *arg, *tmp;
298 int i;
299 int size_arg;
300 int size_arg2 = -1;
301
302 if (expr->op != '=')
303 return;
304
305 /* Direct calls are handled else where (for now at least) */
306 tmp = get_assigned_expr(expr->right);
307 if (!tmp)
308 return;
309
310 right = strip_expr(tmp);
311 if (right->type != EXPR_CALL)
438 return;
439
440 left = get_constraint_str(expr->left);
441 if (!left)
442 return;
443 right = get_constraint_str(expr->right);
444 if (!right)
445 goto free;
446 if (!has_constraint(expr->right, right))
447 return;
448 sql_copy_constraint_required(left, right);
449 free:
450 free_string(right);
451 free_string(left);
452 }
453
454 void register_constraints_required(int id)
455 {
456 my_id = id;
457
458 add_hook(&match_assign_size, ASSIGNMENT_HOOK);
459 add_hook(&match_assign_data, ASSIGNMENT_HOOK);
460 add_hook(&match_assign_has_buf_comparison, ASSIGNMENT_HOOK);
461
462 add_hook(&match_assign_ARRAY_SIZE, ASSIGNMENT_HOOK);
463 add_hook(&match_assign_ARRAY_SIZE, GLOBAL_ASSIGNMENT_HOOK);
464 add_hook(&match_assign_buf_comparison, ASSIGNMENT_HOOK);
465 add_hook(&match_assign_constraint, ASSIGNMENT_HOOK);
466
467 add_allocation_function("malloc", &match_alloc, 0);
468 add_allocation_function("memdup", &match_alloc, 1);
469 add_allocation_function("realloc", &match_alloc, 1);
470 add_allocation_function("realloc", &match_calloc, 0);
471 if (option_project == PROJ_KERNEL) {
472 add_allocation_function("kmalloc", &match_alloc, 0);
473 add_allocation_function("kzalloc", &match_alloc, 0);
474 add_allocation_function("vmalloc", &match_alloc, 0);
475 add_allocation_function("__vmalloc", &match_alloc, 0);
476 add_allocation_function("vzalloc", &match_alloc, 0);
477 add_allocation_function("sock_kmalloc", &match_alloc, 1);
|
264 return;
265
266 data = get_constraint_str(state->data);
267 if (!data)
268 return;
269
270 limit = get_constraint_str(expr->left);
271 if (!limit)
272 goto free_data;
273
274 sql_save_constraint_required(data, '<', limit);
275
276 free_string(limit);
277 free_data:
278 free_string(data);
279 }
280
281 static void match_assign_has_buf_comparison(struct expression *expr)
282 {
283 struct expression *size;
284 int limit_type;
285
286 if (expr->op != '=')
287 return;
288 if (expr->right->type == EXPR_CALL)
289 return;
290 size = get_size_variable(expr->right, &limit_type);
291 if (!size)
292 return;
293 if (limit_type != ELEM_COUNT)
294 return;
295 match_alloc_helper(expr->left, size, 1);
296 }
297
298 static void match_assign_data(struct expression *expr)
299 {
300 struct expression *right, *arg, *tmp;
301 int i;
302 int size_arg;
303 int size_arg2 = -1;
304
305 if (expr->op != '=')
306 return;
307
308 /* Direct calls are handled else where (for now at least) */
309 tmp = get_assigned_expr(expr->right);
310 if (!tmp)
311 return;
312
313 right = strip_expr(tmp);
314 if (right->type != EXPR_CALL)
441 return;
442
443 left = get_constraint_str(expr->left);
444 if (!left)
445 return;
446 right = get_constraint_str(expr->right);
447 if (!right)
448 goto free;
449 if (!has_constraint(expr->right, right))
450 return;
451 sql_copy_constraint_required(left, right);
452 free:
453 free_string(right);
454 free_string(left);
455 }
456
457 void register_constraints_required(int id)
458 {
459 my_id = id;
460
461 set_dynamic_states(my_id);
462 add_hook(&match_assign_size, ASSIGNMENT_HOOK);
463 add_hook(&match_assign_data, ASSIGNMENT_HOOK);
464 add_hook(&match_assign_has_buf_comparison, ASSIGNMENT_HOOK);
465
466 add_hook(&match_assign_ARRAY_SIZE, ASSIGNMENT_HOOK);
467 add_hook(&match_assign_ARRAY_SIZE, GLOBAL_ASSIGNMENT_HOOK);
468 add_hook(&match_assign_buf_comparison, ASSIGNMENT_HOOK);
469 add_hook(&match_assign_constraint, ASSIGNMENT_HOOK);
470
471 add_allocation_function("malloc", &match_alloc, 0);
472 add_allocation_function("memdup", &match_alloc, 1);
473 add_allocation_function("realloc", &match_alloc, 1);
474 add_allocation_function("realloc", &match_calloc, 0);
475 if (option_project == PROJ_KERNEL) {
476 add_allocation_function("kmalloc", &match_alloc, 0);
477 add_allocation_function("kzalloc", &match_alloc, 0);
478 add_allocation_function("vmalloc", &match_alloc, 0);
479 add_allocation_function("__vmalloc", &match_alloc, 0);
480 add_allocation_function("vzalloc", &match_alloc, 0);
481 add_allocation_function("sock_kmalloc", &match_alloc, 1);
|