From: Dan Carpenter Date: Fri, 14 Dec 2012 11:57:46 +0000 (+0300) Subject: pointer_math: check for (int *)p += sizeof(int); X-Git-Tag: 1.57~121 X-Git-Url: https://repo.or.cz/w/smatch.git/commitdiff_plain/3cefb266242450008ccf35b11c1422338451e2c8 pointer_math: check for (int *)p += sizeof(int); This finds two bugs in staging. Signed-off-by: Dan Carpenter
---
diff --git a/check_pointer_math.c b/check_pointer_math.c
index 39a4da38..105dd36b 100644
--- a/check_pointer_math.c
+++ b/check_pointer_math.c
@@ -85,10 +85,29 @@ static void match_assign(struct expression *expr)
 set_state_expr(my_id, expr->left, &size_in_bytes);
 }
 
+static void check_assign(struct expression *expr)
+{
+ struct symbol *type;
+ char *name;
+
+ type = get_pointer_type(expr->left);
+ if (!type)
+ return;
+ if (type_bits(type) == 8 || type_bits(type) == -1)
+ return;
+ if (!is_size_in_bytes(expr->right))
+ return;
+ name = get_variable_from_expr(expr->left, NULL);
+ sm_msg("warn: potential pointer math issue ('%s' is a %d bit pointer)",
+ name, type_bits(type));
+ free_string(name);
+}
+
 void check_pointer_math(int id)
 {
 my_id = id;
 add_hook(&match_binop, BINOP_HOOK);
 add_hook(&match_assign, ASSIGNMENT_HOOK);
+ add_hook(&check_assign, ASSIGNMENT_HOOK);
 add_modification_hook(my_id, &set_undefined);
 }
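Review bot: `check_assign()` never looks at `expr->op`, although the commit title targets `p += sizeof(int)`. Because it is registered on `ASSIGNMENT_HOOK`, it is presumably also called for a plain `=` and the other compound assignments, so any of those with a byte-sized right-hand side and a non-char pointer on the left would get the same "pointer math" warning. A guard at the top would keep the check on the scaled-arithmetic case: `if (expr->op != SPECIAL_ADD_ASSIGN && expr->op != SPECIAL_SUB_ASSIGN) return;`. Separately, `name` is passed to `%s` without a check; if `get_variable_from_expr()` can return NULL for a complex left-hand side (its definition is not visible here), the message should fall back to a fixed string or return early before `sm_msg()`.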