rosenberg info leaks: check __copy_to_user()
[smatch.git] / check_allocation_funcs.c
blobdf77157d81bef96f7900dbb3350232a93cdba571
1 /*
2 * sparse/check_allocation_funcs.c
4 * Copyright (C) 2009 Dan Carpenter.
6 * Licensed under the Open Software License version 1.1
8 */
10 #include <fcntl.h>
11 #include <unistd.h>
12 #include "parse.h"
13 #include "smatch.h"
14 #include "smatch_slist.h"
16 static int my_id;
19 * Print a list of functions that return newly allocated memory.
22 static struct tracker_list *allocated;
24 static const char *allocation_funcs[] = {
25 "kmalloc",
26 "kzalloc",
27 "kcalloc",
28 NULL,
31 static void match_allocation(const char *fn, struct expression *expr,
32 void *info)
34 char *left_name;
35 struct symbol *left_sym;
37 left_name = expr_to_var_sym(expr->left, &left_sym);
38 if (!left_name || !left_sym)
39 goto free;
40 if (left_sym->ctype.modifiers &
41 (MOD_NONLOCAL | MOD_STATIC | MOD_ADDRESSABLE))
42 goto free;
43 add_tracker(&allocated, my_id, left_name, left_sym);
44 free:
45 free_string(left_name);
48 static int returns_new_stuff = 0;
49 static int returns_old_stuff = 0;
50 static void match_return(struct expression *ret_value)
52 char *name;
53 struct symbol *sym;
54 sval_t tmp;
56 if (__inline_fn)
57 return;
58 if (get_value(ret_value, &tmp) && tmp.value == 0)
59 return;
60 returns_new_stuff = 1;
61 name = expr_to_var_sym(ret_value, &sym);
62 if (!name || !sym) {
63 returns_old_stuff = 1;
64 goto free;
66 if (!in_tracker_list(allocated, my_id, name, sym))
67 returns_old_stuff = 1;
68 free:
69 free_string(name);
72 static void match_end_func(struct symbol *sym)
74 if (__inline_fn)
75 return;
76 if (returns_new_stuff && !returns_old_stuff)
77 sm_info("allocation func");
78 free_trackers_and_list(&allocated);
79 returns_new_stuff = 0;
80 returns_old_stuff = 0;
83 void check_allocation_funcs(int id)
85 int i;
87 if (!option_info || option_project != PROJ_KERNEL)
88 return;
90 my_id = id;
91 add_hook(&match_return, RETURN_HOOK);
92 add_hook(&match_end_func, END_FUNC_HOOK);
93 for (i = 0; allocation_funcs[i]; i++) {
94 add_function_assign_hook(allocation_funcs[i],
95 &match_allocation, NULL);