From 39cbd5a61ce7a803dbdce77b83a8972c900b6400 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Mon, 15 Feb 2010 17:50:12 +0300
Subject: [PATCH] check_overflow: handle: "int *p = &array;"

The ampersand in front of the array name was confusing smatch.

Signed-off-by: Dan Carpenter
---
 check_overflow.c | 15 +++++++++++++++
 validation/sm_array_overflow4.c | 9 ++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/check_overflow.c b/check_overflow.c
index 58563c88..bb69beab 100644
--- a/check_overflow.c
+++ b/check_overflow.c
@@ -360,6 +360,20 @@ static void match_condition(struct expression *expr)
 } END_FOR_EACH_PTR(tmp);
 }
 
+static struct expression *strip_ampersands(struct expression *expr)
+{
+ struct symbol *type;
+
+ if (expr->type != EXPR_PREOP)
+ return expr;
+ if (expr->op != '&')
+ return expr;
+ type = get_type(expr->unop);
+ if (!type || type->type != SYM_ARRAY)
+ return expr;
+ return expr->unop;
+}
+
 static void match_array_assignment(struct expression *expr)
 {
 struct expression *left;
@@ -370,6 +384,7 @@ static void match_array_assignment(struct expression *expr)
 return;
 left = strip_expr(expr->left);
 right = strip_expr(expr->right);
+ right = strip_ampersands(right);
 array_size = get_array_size_bytes(right);
 if (array_size)
 set_state_expr(my_size_id, left, alloc_my_state(array_size));
diff --git a/validation/sm_array_overflow4.c b/validation/sm_array_overflow4.c
index 48fc13db..7184f3e3 100644
--- a/validation/sm_array_overflow4.c
+++ b/validation/sm_array_overflow4.c
@@ -8,6 +8,7 @@ long long a[] = {1, 2};
 int main(void)
 {
 short *s = a;
+ short *s2 = (&(a));
 char buf[4];
 int i;
 
@@ -19,6 +20,7 @@ int main(void)
 printf("%d\n", s[6]);
 printf("%d\n", s[7]);
 printf("%d\n", s[8]);
+ printf("%d\n", s2[8]);
 printf("%d\n", ((short *)a)[6]);
 printf("%d\n", ((short *)a)[8]);
 strcpy(buf, "1234");
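Review bot: `strip_ampersands` in the first hunk of check_overflow.c reads `expr->type` with no NULL check, while its only caller hands it whatever `strip_expr(expr->right)` returned; if that can be NULL for a malformed assignment (not visible here, worth confirming against strip_expr), the new call in the second hunk turns a silently skipped size check into a crash of the checker. A leading `if (!expr) return expr;` makes the helper total regardless and matches the defensive `if (!type || ...)` already in its body. The helper also carries no comment saying why dropping the ampersand is sound; I would add `/* "&array" names the same bytes as "array", so the array's size bounds the pointer either way. */` above the definition. The function is fully contained in the hunk.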
@@ -30,8 +32,9 @@ int main(void)
 * check-command: smatch sm_array_overflow4.c
 *
 * check-output-start
-sm_array_overflow4.c +21 main(13) error: buffer overflow 's' 8 <= 8
-sm_array_overflow4.c +23 main(15) error: buffer overflow 'a' 8 <= 8
-sm_array_overflow4.c +24 main(16) error: strcpy() "1234" too large for buf (5 vs 4)
+sm_array_overflow4.c +22 main(14) error: buffer overflow 's' 8 <= 8
+sm_array_overflow4.c +23 main(15) error: buffer overflow 's2' 8 <= 8
+sm_array_overflow4.c +25 main(17) error: buffer overflow 'a' 8 <= 8
+sm_array_overflow4.c +26 main(18) error: strcpy() "1234" too large for buf (5 vs 4)
 * check-output-end
 */
--
2.11.4.GIT