| commit | 3f39ea88e592dba24d68db4abdf65b37eca2cb33 | |
| author | Dan Carpenter <dan.carpenter@oracle.com> | |
| Thu, 11 May 2017 09:14:57 +0000 (11 12:14 +0300) | ||
| committer | Dan Carpenter <dan.carpenter@oracle.com> | |
| Thu, 11 May 2017 09:14:57 +0000 (11 12:14 +0300) | ||
| tree | f4a6eb238c77d56b2e659ca7532b5d2c01d74e8c | treesnapshot (tar.gz zip) |
| parent | c21028b9ee9856ed9132f628b3cc58e4b9513be5 | commitdiff |
return_to_param: don't modify memory on the stack
The param_set/param_add code never tries to modify stack memory but when
we use the param_long_to_short mapping then it can happen. What that looks
like is this:
ptr = foo->bar;
frob(foo);
The frob() function sets "foo->bar" and in the original code that would
change "ptr" as well, but "ptr" is stored on the stack and should stay
the same.
For PARAM_LIMIT and PARAM_FILTER then we do want to update "ptr". That
looks like this:
ptr = foo->bar;
if (frob(foo)) { ...
Imagine that frob() only returns true if foo->bar is non-NULL then we know
that ptr is non-NULL also.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
The param_set/param_add code never tries to modify stack memory but when
we use the param_long_to_short mapping then it can happen. What that looks
like is this:
ptr = foo->bar;
frob(foo);
The frob() function sets "foo->bar" and in the original code that would
change "ptr" as well, but "ptr" is stored on the stack and should stay
the same.
For PARAM_LIMIT and PARAM_FILTER then we do want to update "ptr". That
looks like this:
ptr = foo->bar;
if (frob(foo)) { ...
Imagine that frob() only returns true if foo->bar is non-NULL then we know
that ptr is non-NULL also.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
| smatch.h | diffblobblamehistory | |
| smatch_extra.c | diffblobblamehistory | |
| smatch_return_to_param.c | diffblobblamehistory |