check_signed_integer_overflow_check.c

   1 /*
   2  * Copyright (C) 2014 Oracle.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU General Public License
   6  * as published by the Free Software Foundation; either version 2
   7  * of the License, or (at your option) any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
  16  */
  17
  18 /*
  19  * Looks for integers that we get from the user which can be attacked
  20  * with an integer overflow.
  21  *
  22  */
  23
  24 #include "smatch.h"
  25 #include "smatch_slist.h"
  26
  27 static int my_id;
  28
  29 static void match_condition(struct expression *expr)
  30 {
  31         struct expression *left, *right;
  32         struct symbol *type;
  33         char *right_name;
  34         char *left_name;
  35
  36         if (expr->type != EXPR_COMPARE)
  37                 return;
  38         if (expr->op != '<')
  39                 return;
  40
  41         type = get_type(expr);
  42         if (!type_signed(type))
  43                 return;
  44
  45         left = strip_expr(expr->left);
  46         right = strip_expr(expr->right);
  47
  48         if (left->type != EXPR_BINOP) {
  49                 left = get_assigned_expr(left);
  50                 left = strip_expr(left);
  51                 if (!left || left->type != EXPR_BINOP)
  52                         return;
  53         }
  54
  55         if (left->op != '+' && left->op != '*' && left->op != SPECIAL_LEFTSHIFT)
  56                 return;
  57
  58         if (has_variable(left, right) == 1) {
  59                 left_name = expr_to_str(left);
  60                 right_name = expr_to_str(right);
  61                 sm_msg("warn: signed overflow undefined. '%s %s %s'", left_name, show_special(expr->op), right_name);
  62                 free_string(left_name);
  63                 free_string(right_name);
  64         }
  65 }
  66
  67 static void match_binop(struct expression *expr)
  68 {
  69         sval_t left_val, right_min;
  70         char *str;
  71
  72         if (expr->op != '-')
  73                 return;
  74
  75         if (!get_value(expr->left, &left_val))
  76                 return;
  77
  78         switch (left_val.uvalue) {
  79         case SHRT_MAX:
  80         case USHRT_MAX:
  81         case INT_MAX:
  82         case UINT_MAX:
  83         case LLONG_MAX:
  84         case ULLONG_MAX:
  85                 break;
  86         default:
  87                 return;
  88         }
  89
  90         get_absolute_min(expr->right, &right_min);
  91         if (!sval_is_negative(right_min))
  92                 return;
  93
  94         str = expr_to_str(expr);
  95         sm_msg("warn: potential negative subtraction from max '%s'", str);
  96         free_string(str);
  97 }
  98
  99 void check_signed_integer_overflow_check(int id)
 100 {
 101         my_id = id;
 102
 103         add_hook(&match_condition, CONDITION_HOOK);
 104         add_hook(&match_binop, BINOP_HOOK);
 105 }
 106