11f5207b7SJohn Levon /*
21f5207b7SJohn Levon  * Copyright (C) 2013 Oracle.
31f5207b7SJohn Levon  *
41f5207b7SJohn Levon  * This program is free software; you can redistribute it and/or
51f5207b7SJohn Levon  * modify it under the terms of the GNU General Public License
61f5207b7SJohn Levon  * as published by the Free Software Foundation; either version 2
71f5207b7SJohn Levon  * of the License, or (at your option) any later version.
81f5207b7SJohn Levon  *
91f5207b7SJohn Levon  * This program is distributed in the hope that it will be useful,
101f5207b7SJohn Levon  * but WITHOUT ANY WARRANTY; without even the implied warranty of
111f5207b7SJohn Levon  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
121f5207b7SJohn Levon  * GNU General Public License for more details.
131f5207b7SJohn Levon  *
141f5207b7SJohn Levon  * You should have received a copy of the GNU General Public License
151f5207b7SJohn Levon  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
161f5207b7SJohn Levon  */
171f5207b7SJohn Levon 
181f5207b7SJohn Levon #include "scope.h"
191f5207b7SJohn Levon #include "smatch.h"
201f5207b7SJohn Levon #include "smatch_extra.h"
211f5207b7SJohn Levon 
/*
 * Implied-return hook for strlen(): store the range of possible return
 * values in *rl.  Always returns 1.
 *
 * @call:   the strlen() call expression; argument 0 is the string.
 * @unused: hook cookie, not read.
 * @rl:     out parameter receiving the range list, typed as unsigned long.
 */
static int match_strlen(struct expression *call, void *unused, struct range_list **rl)
{
	struct expression *string_arg = get_argument_from_call_expr(call->args, 0);
	unsigned long array_bytes;

	/* Prefer the tracked string length when its minimum is positive. */
	if (get_implied_strlen(string_arg, rl) && sval_is_positive(rl_min(*rl))) {
		*rl = cast_rl(&ulong_ctype, *rl);
		return 1;
	}

	/*
	 * smatch_strlen.c is not very complete, so fall back to the size of
	 * the destination array.
	 *
	 * NOTE(review): the return type of get_array_size_bytes_max() is not
	 * visible here; a negative result would convert to a very large
	 * unsigned value -- confirm that "unknown" is reported as 0.
	 */
	array_bytes = get_array_size_bytes_max(string_arg);
	if (array_bytes != 0) {
		/*
		 * At most size - 1 characters.  This models a string that is
		 * NUL-terminated inside the array; an unterminated buffer
		 * would let the real strlen() run past this bound, so checks
		 * built on this range are only as sound as that assumption.
		 */
		*rl = alloc_rl(sval_type_val(&ulong_ctype, 0),
			       sval_type_val(&ulong_ctype, array_bytes - 1));
		return 1;
	}

	/* Array size unknown: 0 .. STRLEN_MAX_RET. */
	*rl = alloc_rl(sval_type_val(&ulong_ctype, 0),
		       sval_type_val(&ulong_ctype, STRLEN_MAX_RET));
	return 1;
}
441f5207b7SJohn Levon 
/*
 * Implied-return hook for strnlen(): start from the strlen() range for
 * the same call, then clamp it with the implied maximum of argument 1.
 * Always returns 1.
 *
 * @call:   the strnlen() call expression; argument 1 is the limit.
 * @unused: hook cookie, not read.
 * @rl:     out parameter receiving the range list.
 */
static int match_strnlen(struct expression *call, void *unused, struct range_list **rl)
{
	sval_t top = sval_type_val(&ulong_ctype, ULONG_MAX);
	struct expression *count_expr;
	sval_t exact;
	sval_t cap;

	match_strlen(call, NULL, rl);

	/*
	 * No usable limit (unknown, or already ULONG_MAX): keep the strlen()
	 * range.  The ULONG_MAX test also keeps the increment below from
	 * wrapping when the limit is the largest unsigned long.
	 */
	count_expr = get_argument_from_call_expr(call->args, 1);
	if (!get_implied_max(count_expr, &cap) || sval_cmp(cap, top) == 0)
		return 1;

	if (!rl_to_sval(*rl, &exact) || sval_cmp(exact, cap) < 0) {
		/* Drop every value above the limit: remove [cap + 1, ULONG_MAX]. */
		cap.value++;
		*rl = remove_range(*rl, cap, top);
		return 1;
	}

	/* The length is one known value at or above the limit: result is the limit. */
	*rl = alloc_rl(cap, cap);
	return 1;
}
681f5207b7SJohn Levon 
/*
 * Implied-return hook shared by sprintf() and snprintf(): store the range
 * between the minimum and maximum formatted string size in *rl.  Always
 * returns 1.
 *
 * @call: the call expression.
 * @_arg: integer packed in a pointer, unpacked with PTR_INT() and passed
 *        to the formatted-size helpers (presumably the index of the
 *        format string argument -- confirm against those helpers).
 * @rl:   out parameter receiving the range list.
 *
 * The snprintf() size argument is never read here.  That matches the C
 * definition of snprintf(), whose return value is the length that would
 * have been written and is not limited by the buffer size; users of this
 * range must not assume the result fits the destination.
 */
static int match_sprintf(struct expression *call, void *_arg, struct range_list **rl)
{
	int fmt_idx = PTR_INT(_arg);
	int shortest = get_formatted_string_min_size(call, fmt_idx);
	int longest = get_formatted_string_size(call, fmt_idx);

	if (shortest >= 0 && longest >= 0) {
		*rl = alloc_rl(ll_to_sval(shortest), ll_to_sval(longest));
		*rl = cast_rl(get_type(call), *rl);
		return 1;
	}

	/*
	 * A negative size means the helper could not compute it.
	 * NOTE(review): this fallback is typed unsigned long while the known
	 * case is cast to the call's own type -- confirm that is intended.
	 */
	*rl = alloc_whole_rl(&ulong_ctype);
	return 1;
}
841f5207b7SJohn Levon 
/*
 * Register the implied-return hooks for the common string functions
 * handled in this file.
 *
 * @id: check id supplied by the caller; not read here.
 */
void register_common_functions(int id)
{
	/*
	 * A function added here must also be deleted from the database and
	 * from smatch_data/.
	 */
	add_implied_return_hook("strlen", match_strlen, NULL);
	add_implied_return_hook("strnlen", match_strnlen, NULL);

	/*
	 * Both printf-style functions share one hook; the cookie differs
	 * because snprintf() takes a size argument before the format.
	 */
	add_implied_return_hook("sprintf", match_sprintf, INT_PTR(1));
	add_implied_return_hook("snprintf", match_sprintf, INT_PTR(2));
}