/*
 * Copyright (C) 2014 Oracle.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */

/*
 * Check: a struct pointer is assigned from a void/byte buffer whose
 * tracked size can be smaller than the struct, and the pointer is later
 * dereferenced.  Such a dereference may access memory beyond the end of
 * the buffer, so the check asks "is the buffer large enough?".
 *
 * The pointer is tagged at assignment time and the size is compared again
 * at dereference time; the warning is only printed on the dereference.
 */

#include "smatch.h"

static int my_id;

/* State attached to a struct pointer whose backing buffer may be too small. */
STATE(too_small);

/*
 * Return the struct type that expr points to, or NULL when the type of
 * expr is unknown, is not a pointer, or does not point to a struct.
 */
static struct symbol *pointed_to_struct(struct expression *expr)
{
	struct symbol *type = get_type(expr);

	if (!type || type->type != SYM_PTR)
		return NULL;

	type = get_real_base_type(type);
	if (!type || type->type != SYM_STRUCT)
		return NULL;

	return type;
}

/*
 * ASSIGNMENT_HOOK handler.
 *
 * Tags the left-hand side as too_small when all of these hold:
 *   - the left side is a pointer to a struct,
 *   - the right side is a void pointer or a pointer to an 8-bit type,
 *   - get_size_variable() yields a size expression for the right side, and
 *   - the absolute minimum of that size is below the struct size in bytes.
 */
static void match_assign(struct expression *expr)
{
	struct symbol *struct_type, *src_type;
	struct expression *size;
	sval_t min;

	struct_type = pointed_to_struct(expr->left);
	if (!struct_type)
		return;

	src_type = get_type(expr->right);
	if (!src_type || src_type->type != SYM_PTR)
		return;
	src_type = get_real_base_type(src_type);
	if (!src_type)
		return;
	/* Only raw buffers matter here: void * or a pointer to an 8-bit type. */
	if (!(src_type == &void_ctype || type_bits(src_type) == 8))
		return;

	size = get_size_variable(expr->right);
	if (!size)
		return;

	get_absolute_min(size, &min);
	if (min.value < type_bytes(struct_type))
		set_state_expr(my_id, expr->left, &too_small);
}

/*
 * DEREF_HOOK handler.
 *
 * Handles EXPR_PREOP expressions only.  When the operand carries the
 * too_small state, the size comparison from match_assign() is repeated
 * against the expression returned by get_assigned_expr(), and a warning
 * is printed if the minimum size is still below the struct size.
 */
static void match_dereferences(struct expression *expr)
{
	struct symbol *struct_type;
	struct expression *ptr, *src, *size;
	const char *struct_name;
	char *src_str;
	sval_t min;

	if (expr->type != EXPR_PREOP)
		return;

	ptr = strip_expr(expr->unop);
	if (get_state_expr(my_id, ptr) != &too_small)
		return;

	struct_type = pointed_to_struct(ptr);
	if (!struct_type)
		return;

	/*
	 * NOTE(review): src is handed to get_size_variable() without a NULL
	 * check; this relies on get_size_variable() returning NULL for a NULL
	 * argument - confirm against its definition.
	 */
	src = get_assigned_expr(ptr);
	size = get_size_variable(src);
	if (!size)
		return;

	/* Re-evaluate at the dereference rather than trusting the earlier tag. */
	get_absolute_min(size, &min);
	if (min.value >= type_bytes(struct_type))
		return;

	struct_name = struct_type->ident ? struct_type->ident->name : "<anon>";
	src_str = expr_to_str(src);
	sm_warning("is '%s' large enough for 'struct %s'? %s", src_str, struct_name, sval_to_str(min));
	free_string(src_str);

	/* Drop the tag so this handler returns early for the pointer from now on. */
	set_state_expr(my_id, ptr, &undefined);
}

/*
 * Registration entry point: stores the check id and installs the
 * assignment and dereference hooks.
 */
void check_buffer_too_small_for_struct(int id)
{
	my_id = id;

	add_hook(&match_assign, ASSIGNMENT_HOOK);
	add_hook(&match_dereferences, DEREF_HOOK);
}