extra: Fix segmentation fault in match_assign
[smatch.git] / check_info_leak.c
blobcd6906a1794c0045539104fc22f94bfa8cad4ed4
1 /*
2 * smatch/check_info_leak.c
4 * Copyright (C) 2010 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
8 */
10 #include "smatch.h"
11 #include "smatch_slist.h"
13 static int my_id;
15 STATE(alloced);
16 STATE(string);
18 static char *my_get_variable(struct expression *expr, struct symbol **sym)
20 char *name;
22 name = expr_to_var_sym(expr, sym);
23 free_string(name);
24 if (!name || !*sym)
25 return NULL;
27 return (*sym)->ident->name;
30 static void match_kmalloc(const char *fn, struct expression *expr, void *unused)
32 char *name;
33 struct symbol *sym;
35 name = my_get_variable(expr->left, &sym);
36 if (!name)
37 return;
38 set_state(my_id, name, sym, &alloced);
41 static void match_strcpy(const char *fn, struct expression *expr, void *unused)
43 struct expression *dest;
44 char *name;
45 struct symbol *sym;
47 dest = get_argument_from_call_expr(expr->args, 0);
48 name = my_get_variable(dest, &sym);
49 if (!name || !sym)
50 return;
51 if (!get_state(my_id, name, sym))
52 return;
53 set_state(my_id, name, sym, &string);
56 static void match_copy_to_user(const char *fn, struct expression *expr, void *unused)
58 struct expression *src;
59 char *name;
60 struct symbol *sym;
61 struct sm_state *sm;
63 src = get_argument_from_call_expr(expr->args, 1);
64 name = my_get_variable(src, &sym);
65 if (!name || !sym)
66 return;
67 sm = get_sm_state(my_id, name, sym);
68 if (!sm || !slist_has_state(sm->possible, &string))
69 return;
70 name = expr_to_var(src);
71 sm_msg("warn: possible info leak '%s'", name);
72 free_string(name);
75 void check_info_leak(int id)
77 if (option_project != PROJ_KERNEL)
78 return;
79 my_id = id;
80 add_function_assign_hook("kmalloc", &match_kmalloc, NULL);
81 add_function_hook("strcpy", &match_strcpy, NULL);
82 add_function_hook("strlcpy", &match_strcpy, NULL);
83 add_function_hook("strlcat", &match_strcpy, NULL);
84 add_function_hook("strncpy", &match_strcpy, NULL);
85 add_function_hook("copy_to_user", &match_copy_to_user, NULL);