From db523bc63f888a00922a51e5c14a56024b932388 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Tue, 3 Jul 2018 18:38:40 +0300
Subject: [PATCH] check_user_data: mark kvm_register_read() as returning user
 data

The main thing from this patch is:

add_function_assign_hook("kvm_register_read", &match_returns_user_rl, NULL);

But I wanted to rename the function because that's a simple_strtoul
function.  Then I noticed that we should be taking the type of the function
and casting that range list to the variable we're assigning it to.  It
probably doesn't make a big difference in real life, but it's more correct.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 check_user_data2.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/check_user_data2.c b/check_user_data2.c
index c724e395..8d5516aa 100644
--- a/check_user_data2.c
+++ b/check_user_data2.c
@@ -591,11 +591,17 @@ static void match_user_assign_function(const char *fn, struct expression *expr,
 	set_points_to_user_data(expr->left);
 }
 
-static void match_simple_strtoul(const char *fn, struct expression *expr, void *unused)
+static void match_returns_user_rl(const char *fn, struct expression *expr, void *unused)
 {
+	struct smatch_state *estate;
+	struct range_list *rl;
+
 	func_gets_user_data = true;
 
-	set_state_expr(my_id, expr->left, alloc_estate_whole(get_type(expr->left)));
+	rl = alloc_whole_rl(get_type(expr->right));
+	rl = cast_rl(get_type(expr->left), rl);
+	estate = alloc_estate_rl(rl);
+	set_state_expr(my_id, expr->left, estate);
 }
 
 static int get_user_macro_rl(struct expression *expr, struct range_list **rl)
@@ -1157,10 +1163,11 @@ void check_user_data2(int id)
 	for (i = 0; i < ARRAY_SIZE(kstr_funcs); i++)
 		add_function_hook(kstr_funcs[i], &match_user_copy, INT_PTR(2));
 
-	add_function_assign_hook("simple_strtol", &match_simple_strtoul, NULL);
-	add_function_assign_hook("simple_strtoll", &match_simple_strtoul, NULL);
-	add_function_assign_hook("simple_strtoul", &match_simple_strtoul, NULL);
-	add_function_assign_hook("simple_strtoull", &match_simple_strtoul, NULL);
+	add_function_assign_hook("simple_strtol", &match_returns_user_rl, NULL);
+	add_function_assign_hook("simple_strtoll", &match_returns_user_rl, NULL);
+	add_function_assign_hook("simple_strtoul", &match_returns_user_rl, NULL);
+	add_function_assign_hook("simple_strtoull", &match_returns_user_rl, NULL);
+	add_function_assign_hook("kvm_register_read", &match_returns_user_rl, NULL);
 
 	add_function_hook("sscanf", &match_sscanf, NULL);
 
-- 
2.11.4.GIT