/*
 * Copyright (C) 2013 Oracle.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */

#include "scope.h"
#include "smatch.h"
#include "smatch_extra.h"

/*
 * Implied-return hook for strlen(): stores the range of values the call may
 * return in *rl, typed as unsigned long.
 *
 * Preference order:
 *   1. the implied string length of argument 0, when one is known and its
 *      minimum is positive;
 *   2. [0, array size in bytes - 1] when only the array size is known
 *      (presumably the last byte is reserved for the terminating NUL);
 *   3. [0, STRLEN_MAX_RET] when nothing is known.
 *
 * Case 2 models a string that is terminated inside its own array.  A buffer
 * that was filled without a terminator can yield a larger strlen() at run
 * time than this range admits, so checks built on it inherit that assumption.
 *
 * @call:   the strlen() call expression
 * @unused: hook argument, ignored
 * @rl:     out parameter receiving the return-value range
 *
 * Always returns 1.
 */
static int match_strlen(struct expression *call, void *unused, struct range_list **rl)
{
	struct expression *arg;
	unsigned long size;
	sval_t low;
	sval_t high;

	arg = get_argument_from_call_expr(call->args, 0);
	if (get_implied_strlen(arg, rl) && sval_is_positive(rl_min(*rl))) {
		*rl = cast_rl(&ulong_ctype, *rl);
		return 1;
	}

	/* smatch_strlen.c is not very complete, so fall back to the array size. */
	size = get_array_size_bytes_max(arg);
	low = sval_type_val(&ulong_ctype, 0);
	if (size != 0)
		high = sval_type_val(&ulong_ctype, size - 1);
	else
		high = sval_type_val(&ulong_ctype, STRLEN_MAX_RET);

	*rl = alloc_rl(low, high);
	return 1;
}

/*
 * Implied-return hook for strnlen(): starts from the strlen() range of the
 * call and trims it with the implied maximum of argument 1 (the count).
 *
 *   - No implied maximum, or a maximum equal to ULONG_MAX: the strlen()
 *     range is kept as is.
 *   - The strlen() range is a single value that is >= the maximum: the
 *     result is exactly that maximum.
 *   - Otherwise everything above the maximum is removed from the range.
 *
 * @call:   the strnlen() call expression
 * @unused: hook argument, ignored
 * @rl:     out parameter receiving the return-value range
 *
 * Always returns 1.
 */
static int match_strnlen(struct expression *call, void *unused, struct range_list **rl)
{
	sval_t ulong_max = sval_type_val(&ulong_ctype, ULONG_MAX);
	struct expression *count_arg;
	sval_t exact;
	sval_t cap;

	match_strlen(call, NULL, rl);

	count_arg = get_argument_from_call_expr(call->args, 1);
	if (!get_implied_max(count_arg, &cap) || sval_cmp(cap, ulong_max) == 0)
		return 1;

	if (!rl_to_sval(*rl, &exact) || sval_cmp(exact, cap) < 0) {
		/* Drop [cap + 1, ULONG_MAX]; the cap itself stays reachable. */
		cap.value++;
		*rl = remove_range(*rl, cap, ulong_max);
		return 1;
	}

	/* Known length reaches or exceeds the cap: strnlen() returns the cap. */
	*rl = alloc_rl(cap, cap);
	return 1;
}

/*
 * Implied-return hook shared by sprintf() and snprintf(): the return range
 * is [minimum formatted size, maximum formatted size], cast to the type of
 * the call expression.
 *
 * The size argument of snprintf() is not consulted here, so the range is not
 * clamped to the destination size.  That agrees with C's snprintf(), which
 * returns the length the full output would have had; a caller that uses the
 * return value as an offset into the destination still needs its own bound
 * check.
 *
 * @call: the sprintf()/snprintf() call expression
 * @_arg: index of the format string argument, packed with INT_PTR()
 * @rl:   out parameter receiving the return-value range
 *
 * Always returns 1.
 */
static int match_sprintf(struct expression *call, void *_arg, struct range_list **rl)
{
	int fmt_idx = PTR_INT(_arg);
	int shortest;
	int longest;
	struct range_list *sizes;

	shortest = get_formatted_string_min_size(call, fmt_idx);
	longest = get_formatted_string_size(call, fmt_idx);

	if (shortest >= 0 && longest >= 0) {
		sizes = alloc_rl(ll_to_sval(shortest), ll_to_sval(longest));
		*rl = cast_rl(get_type(call), sizes);
	} else {
		/*
		 * A negative size means the helper could not size the output.
		 * NOTE(review): this fallback is typed unsigned long while the
		 * other branch uses the call's own type - confirm intended.
		 */
		*rl = alloc_whole_rl(&ulong_ctype);
	}
	return 1;
}

/*
 * Registers the implied-return hooks for the string functions modelled in
 * this file.  @id is not used here.
 */
void register_common_functions(int id)
{
	/*
	 * A function that gets a hook here must also be deleted from the
	 * database and from smatch_data/.
	 *
	 * The last argument of the sprintf-family hooks is the index of the
	 * format string argument: 1 for sprintf(), 2 for snprintf().
	 */
	add_implied_return_hook("strlen", match_strlen, NULL);
	add_implied_return_hook("strnlen", match_strnlen, NULL);
	add_implied_return_hook("sprintf", match_sprintf, INT_PTR(1));
	add_implied_return_hook("snprintf", match_sprintf, INT_PTR(2));
}