1 /*
2 * Copyright (C) 2018 Oracle. All rights reserved.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
16 */
17
18 #include "smatch.h"
19 #include "smatch_extra.h"
20 #include "smatch_slist.h"
21
22 static int my_id;
23
24 struct db_info {
25 int count;
26 struct symbol *type;
27 struct range_list *rl;
28 };
29
get_vals(void * _db_info,int argc,char ** argv,char ** azColName)30 static int get_vals(void *_db_info, int argc, char **argv, char **azColName)
31 {
32 struct db_info *db_info = _db_info;
33 struct range_list *rl;
34
35 str_to_rl(db_info->type, argv[0], &rl);
36 db_info->rl = rl_union(db_info->rl, rl);
37
38 return 0;
39 }
40
is_file_local(struct expression * array)41 static int is_file_local(struct expression *array)
42 {
43 struct symbol *sym = NULL;
44 char *name;
45
46 name = expr_to_str_sym(array, &sym);
47 free_string(name);
48 if (!sym)
49 return 0;
50
51 if ((sym->ctype.modifiers & MOD_TOPLEVEL) &&
52 (sym->ctype.modifiers & MOD_STATIC))
53 return 1;
54 return 0;
55 }
56
get_toplevel_name(struct expression * array)57 static char *get_toplevel_name(struct expression *array)
58 {
59 char *name;
60 char buf[128];
61
62 if (is_array(array))
63 array = get_array_base(array);
64
65 if (!array || array->type != EXPR_SYMBOL)
66 return NULL;
67 if (!is_file_local(array))
68 return NULL;
69
70 name = expr_to_str(array);
71 snprintf(buf, sizeof(buf), "%s[]", name);
72 free_string(name);
73
74 return alloc_sname(buf);
75 }
76
get_member_array(struct expression * array)77 static char *get_member_array(struct expression *array)
78 {
79 char *name;
80 char buf[128];
81
82 name = get_member_name(array);
83 if (!name)
84 return NULL;
85 snprintf(buf, sizeof(buf), "%s[]", name);
86 free_string(name);
87 return alloc_sname(buf);
88 }
89
get_array_name(struct expression * array)90 static char *get_array_name(struct expression *array)
91 {
92 struct symbol *type;
93 char *name;
94
95 type = get_type(array);
96 if (!type || type->type != SYM_ARRAY)
97 return NULL;
98
99 name = get_toplevel_name(array);
100 if (name)
101 return name;
102 name = get_member_array(array);
103 if (name)
104 return name;
105
106 return NULL;
107 }
108
get_array_rl(struct expression * expr,struct range_list ** rl)109 int get_array_rl(struct expression *expr, struct range_list **rl)
110 {
111 struct expression *array;
112 struct symbol *type;
113 struct db_info db_info = {};
114 char *name;
115
116 type = get_type(expr);
117 if (!type || type->type != SYM_BASETYPE)
118 return 0;
119 db_info.type = type;
120
121 array = get_array_base(expr);
122 name = get_array_name(array);
123 if (!name)
124 return 0;
125
126 if (is_file_local(array)) {
127 run_sql(&get_vals, &db_info,
128 "select value from sink_info where file = '%s' and static = 1 and sink_name = '%s' and type = %d;",
129 get_filename(), name, DATA_VALUE);
130 } else {
131 run_sql(&get_vals, &db_info,
132 "select value from sink_info where sink_name = '%s' and type = %d limit 10;",
133 name, DATA_VALUE);
134 }
135 if (!db_info.rl || db_info.count >= 10)
136 return 0;
137
138 *rl = db_info.rl;
139 return 1;
140 }
141
get_saved_rl(struct symbol * type,char * name)142 static struct range_list *get_saved_rl(struct symbol *type, char *name)
143 {
144 struct db_info db_info = {.type = type};
145
146 cache_sql(&get_vals, &db_info, "select value from sink_info where sink_name = '%s' and type = %d;",
147 name, DATA_VALUE);
148 return db_info.rl;
149 }
150
update_cache(char * name,int is_static,struct range_list * rl)151 static void update_cache(char *name, int is_static, struct range_list *rl)
152 {
153 cache_sql(NULL, NULL, "delete from sink_info where sink_name = '%s' and type = %d;",
154 name, DATA_VALUE);
155 cache_sql(NULL, NULL, "insert into sink_info values ('%s', %d, '%s', %d, '', '%s');",
156 get_filename(), is_static, name, DATA_VALUE, show_rl(rl));
157 }
158
match_assign(struct expression * expr)159 static void match_assign(struct expression *expr)
160 {
161 struct expression *left, *array;
162 struct range_list *orig_rl, *rl;
163 struct symbol *type;
164 char *name;
165
166 type = get_type(expr->left);
167 if (!type || type->type != SYM_BASETYPE)
168 return;
169
170 left = strip_expr(expr->left);
171 if (!is_array(left))
172 return;
173 array = get_array_base(left);
174 name = get_array_name(array);
175 if (!name)
176 return;
177
178 if (expr->op != '=') {
179 rl = alloc_whole_rl(get_type(expr->right));
180 rl = cast_rl(type, rl);
181 } else {
182 get_absolute_rl(expr->right, &rl);
183 rl = cast_rl(type, rl);
184 orig_rl = get_saved_rl(type, name);
185 rl = rl_union(orig_rl, rl);
186 }
187
188 update_cache(name, is_file_local(array), rl);
189 }
190
mark_strings_unknown(const char * fn,struct expression * expr,void * _arg)191 static void mark_strings_unknown(const char *fn, struct expression *expr, void *_arg)
192 {
193 struct expression *dest;
194 struct symbol *type;
195 int arg = PTR_INT(_arg);
196 char *name;
197
198 dest = get_argument_from_call_expr(expr->args, arg);
199 if (!dest)
200 return;
201 name = get_array_name(dest);
202 if (!name)
203 return;
204 type = get_type(dest);
205 if (type_is_ptr(type))
206 type = get_real_base_type(type);
207 update_cache(name, is_file_local(dest), alloc_whole_rl(type));
208 }
209
register_array_values(int id)210 void register_array_values(int id)
211 {
212 my_id = id;
213
214 add_hook(&match_assign, ASSIGNMENT_HOOK);
215 add_hook(&match_assign, GLOBAL_ASSIGNMENT_HOOK);
216
217 add_function_hook("sprintf", &mark_strings_unknown, INT_PTR(0));
218 add_function_hook("snprintf", &mark_strings_unknown, INT_PTR(0));
219
220 add_function_hook("strcpy", &mark_strings_unknown, INT_PTR(0));
221 add_function_hook("strncpy", &mark_strings_unknown, INT_PTR(0));
222 add_function_hook("strlcpy", &mark_strings_unknown, INT_PTR(0));
223 add_function_hook("strscpy", &mark_strings_unknown, INT_PTR(0));
224 }
225