search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
user_data: kstrtoul() and friends should taint data as untrusted
[smatch.git] / char.c
blob08ca22305ef9057735ce35d54783de8c20ffa85c
1 #include <string.h>
2 #include "target.h"
3 #include "lib.h"
4 #include "allocate.h"
5 #include "token.h"
6 #include "expression.h"
7
8 static const char *parse_escape(const char *p, unsigned *val, const char *end, int bits, struct position pos)
9 {
10 unsigned c = *p++;
11 unsigned d;
12 if (c != '\\') {
13 *val = c;
14 return p;
15 }
16
17 c = *p++;
18 switch (c) {
19 case 'a': c = '\a'; break;
20 case 'b': c = '\b'; break;
21 case 't': c = '\t'; break;
22 case 'n': c = '\n'; break;
23 case 'v': c = '\v'; break;
24 case 'f': c = '\f'; break;
25 case 'r': c = '\r'; break;
26 case 'e': c = '\e'; break;
27 case 'x': {
28 unsigned mask = -(1U << (bits - 4));
29 for (c = 0; p < end; c = (c << 4) + d) {
30 d = hexval(*p);
31 if (d > 16)
32 break;
33 p++;
34 if (c & mask) {
35 warning(pos,
36 "hex escape sequence out of range");
37 mask = 0;
38 }
39 }
40 break;
41 }
42 case '0'...'7': {
43 if (p + 2 < end)
44 end = p + 2;
45 c -= '0';
46 while (p < end && (d = *p - '0') < 8) {
47 c = (c << 3) + d;
48 p++;
49 }
50 if ((c & 0400) && bits < 9)
51 warning(pos,
52 "octal escape sequence out of range");
53 break;
54 }
55 default: /* everything else is left as is */
56 break;
57 }
58 *val = c & ~((~0U << (bits - 1)) << 1);
59 return p;
60 }
61
62 void get_char_constant(struct token *token, unsigned long long *val)
63 {
64 const char *p = token->embedded, *end;
65 unsigned v;
66 int type = token_type(token);
67 switch (type) {
68 case TOKEN_CHAR:
69 case TOKEN_WIDE_CHAR:
70 p = token->string->data;
71 end = p + token->string->length - 1;
72 break;
73 case TOKEN_CHAR_EMBEDDED_0 ... TOKEN_CHAR_EMBEDDED_3:
74 end = p + type - TOKEN_CHAR;
75 break;
76 default:
77 end = p + type - TOKEN_WIDE_CHAR;
78 }
79 p = parse_escape(p, &v, end,
80 type < TOKEN_WIDE_CHAR ? bits_in_char : 32, token->pos);
81 if (p != end)
82 warning(token->pos,
83 "multi-character character constant");
84 *val = v;
85 }
86
87 struct token *get_string_constant(struct token *token, struct expression *expr)
88 {
89 struct string *string = token->string;
90 struct token *next = token->next, *done = NULL;
91 int stringtype = token_type(token);
92 int is_wide = stringtype == TOKEN_WIDE_STRING;
93 static char buffer[MAX_STRING];
94 int len = 0;
95 int bits;
96
97 while (!done) {
98 switch (token_type(next)) {
99 case TOKEN_WIDE_STRING:
100 is_wide = 1;
101 case TOKEN_STRING:
102 next = next->next;
103 break;
104 default:
105 done = next;
106 }
107 }
108 bits = is_wide ? 32 : bits_in_char;
109 while (token != done) {
110 unsigned v;
111 const char *p = token->string->data;
112 const char *end = p + token->string->length - 1;
113 while (p < end) {
114 p = parse_escape(p, &v, end, bits, token->pos);
115 if (len < MAX_STRING)
116 buffer[len] = v;
117 len++;
118 }
119 token = token->next;
120 }
121 if (len > MAX_STRING) {
122 warning(token->pos, "trying to concatenate %d-character string (%d bytes max)", len, MAX_STRING);
123 len = MAX_STRING;
124 }
125
126 if (len >= string->length) /* can't cannibalize */
127 string = __alloc_string(len+1);
128 string->length = len+1;
129 memcpy(string->data, buffer, len);
130 string->data[len] = '\0';
131 expr->string = string;
132 expr->wide = is_wide;
133 return token;
134 }
Static analysis for C