From c55037cfc2c868e452cabca5a29d0ae4db622edf Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Mon, 20 Jun 2022 14:21:25 +0300
Subject: [PATCH] buf_comparison: don't use assigned variable so much
The bug here is that we have: len = min_t(); ... buf = kmalloc(len, GFP_KERNEL); Originally it would record that "buf" is size min_t() which is accurate but not as useful as saying that it's "len". We do still want to handle "len = nr * sizeof();" so we track those assignments still. A more ideal solution would be to record both relationships. #IDEA
Signed-off-by: Dan Carpenter
---
 smatch_buf_comparison.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/smatch_buf_comparison.c b/smatch_buf_comparison.c
index 29036bec..4f317784 100644
--- a/smatch_buf_comparison.c
+++ b/smatch_buf_comparison.c
@@ -157,18 +157,15 @@ static void match_alloc_helper(struct expression *pointer, struct expression *si
 struct sm_state *sm;
 int limit_type = ELEM_COUNT;
 sval_t sval;
- int cnt = 0;
 pointer = strip_expr(pointer);
 size = strip_expr(size);
 if (!size || !pointer)
 return;
- while ((tmp = get_assigned_expr(size))) {
+ tmp = get_assigned_expr_recurse(size);
+ if (tmp && tmp->op == EXPR_BINOP)
 size = strip_expr(tmp);
- if (cnt++ > 5)
- break;
- }
 if (size->type == EXPR_BINOP && size->op == '*') {
 struct expression *mult_left, *mult_right;
--
2.11.4.GIT
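Review bot: The added guard `if (tmp && tmp->op == EXPR_BINOP)` compares the `op` field against `EXPR_BINOP`, but the context line just below tests `size->type == EXPR_BINOP && size->op == '*'`, so `EXPR_BINOP` looks like a `type` value and this check probably never matches a real operator. If that is right, the `len = nr * sizeof();` case named in the commit message is no longer followed back to its multiplication, and the checker would silently stop recording the buffer/element-count relationship for those allocations (missed overflow warnings, not a crash). The condition should likely read `if (tmp && tmp->type == EXPR_BINOP)`. match_alloc_helper's body starts and ends outside the hunk, so the declaration of `tmp` and the later use of `size` are not visible here.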