/*
 * Copyright (C) 2015 Oracle.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */
/*
 * The point here is to store that a buffer has x bytes even if we don't know
 * the value of x.
 */
25 #include "smatch_slist.h"
26 #include "smatch_extra.h"
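/*
 * array_check() - operation hook: warn when an array index may be equal to
 * the variable that holds the array's size.
 *
 * An index equal to the element count addresses the slot one past the end of
 * the array, so an "==" relation between size and index is the off-by-one
 * that gets reported.
 *
 * Reconstructed from a listing that fused its gutter numbers into the code,
 * split tokens across lines and dropped several source lines.  Statements
 * marked "restored" fill gaps in the listing's numbering; they are inferred,
 * not copied, and should be checked against the upstream file.
 *
 * @expr: the expression handed to the hook; parentheses and casts are
 *        stripped with strip_expr() before it is examined.
 */
static void array_check(struct expression *expr)
{
	struct expression *array;
	struct expression *size;
	struct expression *offset;
	char *array_str, *offset_str;

	expr = strip_expr(expr);
	/*
	 * restored (listing skips lines 38-40): the hook is registered for
	 * OP_HOOK, so expressions that are not array accesses are presumably
	 * filtered out here.
	 */
	if (!is_array(expr))
		return;

	array = get_array_base(expr);
	size = get_size_variable(array);
	/*
	 * restored (listing skips lines 43-44): without a size expression
	 * there is nothing to compare the index against.
	 */
	if (!size)
		return;
	offset = get_array_offset(expr);
	if (!possible_comparison(size, SPECIAL_EQUAL, offset))
		return;	/* restored: the guard's body is missing from the listing */

	/* Both strings come from expr_to_str() and are released below. */
	array_str = expr_to_str(array);
	offset_str = expr_to_str(offset);
	sm_warning("potentially one past the end of array '%s[%s]'", array_str, offset_str);
	free_string(array_str);
	free_string(offset_str);
}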
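/*
 * known_access_ok_comparison() - is the index known to be below the array's
 * size variable?
 *
 * Asks get_comparison() how the size variable relates to the index and
 * accepts the access only when size is strictly greater (signed '>' or
 * SPECIAL_UNSIGNED_GT).  ">=" is deliberately not enough: size == index is
 * the one-past-the-end case.
 *
 * Reconstructed from a listing that dropped several source lines; statements
 * marked "restored" are inferred from the gaps in its numbering and should
 * be checked against the upstream file.
 *
 * @expr: an array access expression.
 *
 * Return: 1 when the comparison proves the access is in bounds, 0 otherwise.
 */
static int known_access_ok_comparison(struct expression *expr)
{
	struct expression *array;
	struct expression *size;
	struct expression *offset;
	int comparison;	/* restored: used below, declaration missing from the listing */

	array = get_array_base(expr);
	size = get_size_variable(array);
	/* restored (listing skips lines 65-66): no size variable, no proof */
	if (!size)
		return 0;
	offset = get_array_offset(expr);
	comparison = get_comparison(size, offset);
	if (comparison == '>' || comparison == SPECIAL_UNSIGNED_GT)
		return 1;	/* restored: the branch body is missing from the listing */

	return 0;	/* restored */
}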
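/*
 * known_access_ok_numbers() - is the largest possible index below the
 * array's known element count?
 *
 * Reconstructed from a listing that dropped several source lines; statements
 * marked "restored" are inferred from the gaps in its numbering and should
 * be checked against the upstream file.
 *
 * @expr: an array access expression.
 *
 * Return: 1 when the absolute maximum of the index is smaller than the array
 * size, 0 otherwise.
 */
static int known_access_ok_numbers(struct expression *expr)
{
	struct expression *array;
	struct expression *offset;
	sval_t max;	/* restored: type inferred from the .uvalue access below */
	int size;	/* restored: type assumed from get_array_size() - confirm */

	array = get_array_base(expr);
	offset = get_array_offset(expr);

	size = get_array_size(array);
	/*
	 * restored (listing skips lines 86-88): an unknown or non-positive
	 * size must be rejected before the comparison below.  If uvalue is
	 * unsigned, as the name suggests, a negative size would be converted
	 * to a huge unsigned value and every index would look in bounds.
	 */
	if (size <= 0)
		return 0;

	get_absolute_max(offset, &max);
	if (max.uvalue < size)
		return 1;	/* restored: the branch body is missing from the listing */
	return 0;	/* restored */
}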
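/*
 * array_check_data_info() - operation hook: warn when the index of an array
 * access may equal a variable that is recorded as that array's limit.
 *
 * Accesses already accepted by known_access_ok_numbers() or
 * known_access_ok_comparison() are skipped.  For the rest, every comparison
 * in which the index may be equal to another variable is examined; if that
 * other variable passes db_var_is_array_limit() for this array, the index can
 * reach the limit itself, which is one element past the end.
 *
 * Reconstructed from a listing that fused its gutter numbers into the code,
 * split tokens across lines and dropped several source lines.  Statements
 * marked "restored" fill gaps in the listing's numbering; they are inferred,
 * not copied, and should be checked against the upstream file.
 *
 * @expr: the expression handed to the hook.
 */
static void array_check_data_info(struct expression *expr)
{
	struct expression *array;
	struct expression *offset;
	struct state_list *slist;
	struct sm_state *sm;	/* restored: loop cursor, declaration missing from the listing */
	struct compare_data *comp;
	char *offset_name;	/* restored: declaration missing from the listing */
	const char *equal_name = NULL;

	expr = strip_expr(expr);
	/* restored (listing skips lines 106-108): only array accesses matter */
	if (!is_array(expr))
		return;

	/* Nothing to report when either helper already proves the access safe. */
	if (known_access_ok_numbers(expr))
		return;	/* restored */
	if (known_access_ok_comparison(expr))
		return;	/* restored */

	array = get_array_base(expr);
	offset = get_array_offset(expr);
	offset_name = expr_to_var(offset);
	/*
	 * restored (listing skips lines 117-118): strcmp() below must never
	 * be handed a NULL name.
	 */
	if (!offset_name)
		return;
	slist = get_all_possible_equal_comparisons(offset);
	/* restored (listing skips lines 120-122) */
	if (!slist)
		goto free;

	FOR_EACH_PTR(slist, sm) {
		comp = sm->state->data;
		/*
		 * The index can sit on either side of the recorded comparison;
		 * the variable on the opposite side is the candidate limit.
		 */
		if (strcmp(comp->left_var, offset_name) == 0) {
			if (db_var_is_array_limit(array, comp->right_var, comp->right_vsl)) {
				equal_name = comp->right_var;
				break;	/* restored: first match is enough */
			}
		} else if (strcmp(comp->right_var, offset_name) == 0) {
			if (db_var_is_array_limit(array, comp->left_var, comp->left_vsl)) {
				equal_name = comp->left_var;
				break;	/* restored: first match is enough */
			}
		}
	} END_FOR_EACH_PTR(sm);

	/*
	 * restored (listing skips line 138): equal_name starts out NULL and
	 * the mid-function declaration of array_name implies a new block.
	 */
	if (equal_name) {
		char *array_name = expr_to_str(array);

		sm_warning("potential off by one '%s[]' limit '%s'", array_name, equal_name);
		free_string(array_name);
	}

	/*
	 * restored (listing skips lines 143-146): the label and the release
	 * of the comparison list are inferred - confirm against upstream.
	 */
free:
	free_slist(&slist);
	free_string(offset_name);
}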
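/*
 * check_off_by_one_relative() - register this check's hooks.
 *
 * Both array_check() and array_check_data_info() are attached to OP_HOOK.
 *
 * @id: identifier passed in by the caller.
 */
void check_off_by_one_relative(int id)
{
	/*
	 * NOTE(review): the listing skips source lines 151-153 here, so
	 * whatever is done with `id` (presumably stored in a file-scope
	 * variable) is not visible and has not been reconstructed - confirm
	 * against the upstream file.
	 */
	add_hook(&array_check, OP_HOOK);
	add_hook(&array_check_data_info, OP_HOOK);
}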