fill_db_untrusted: follow untrusted data down the call tree
[smatch.git] / check_kmalloc_to_bugon.c
blob90d6684ebbd611912fbf5883b67db2e36f7199a3
1 /*
2 * smatch/check_kmalloc_to_bugon.c
4 * Copyright (C) 2010 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
8 */
10 #include "smatch.h"
12 static int my_id;
14 extern int check_assigned_expr_id;
16 static int is_kmalloc_call(struct expression *expr)
18 if (expr->type != EXPR_CALL)
19 return 0;
20 if (expr->fn->type != EXPR_SYMBOL)
21 return 0;
22 if (!strcmp(expr->fn->symbol_name->name, "kmalloc"))
23 return 1;
24 if (!strcmp(expr->fn->symbol_name->name, "kzalloc"))
25 return 1;
26 return 0;
29 static void match_condition(struct expression *expr)
31 char *macro;
32 struct smatch_state *state;
33 struct expression *right;
34 char *name;
36 macro = get_macro_name(&expr->pos);
37 if (!macro || strcmp(macro, "BUG_ON") != 0)
38 return;
39 state = get_state_expr(check_assigned_expr_id, expr);
40 if (!state || !state->data)
41 return;
42 right = (struct expression *)state->data;
43 if (!is_kmalloc_call(right))
44 return;
46 name = get_variable_from_expr(expr, NULL);
47 sm_msg("warn: bug on allocation failure '%s'", name);
48 free_string(name);
51 void check_kmalloc_to_bugon(int id)
53 if (option_project != PROJ_KERNEL)
54 return;
55 if (!option_spammy)
56 return;
57 my_id = id;
58 add_hook(&match_condition, CONDITION_HOOK);