/*
 * Copyright (C) 2013 Oracle.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */
17 
18 #include "scope.h"
19 #include "smatch.h"
20 #include "smatch_extra.h"
21 
/*
 * Implied-return hook for strlen(): compute the range of values the call may
 * return and store it in *rl as an unsigned long range.
 *
 * call:   the strlen() call expression; argument 0 is the string.
 * unused: hook info pointer, never read here.
 * rl:     out parameter receiving the resulting range list.
 *
 * Always returns 1.
 */
static int match_strlen(struct expression *call, void *unused, struct range_list **rl)
{
	struct expression *str = get_argument_from_call_expr(call->args, 0);
	unsigned long size;
	sval_t zero;

	/* Use the tracked string length when it has a positive minimum. */
	if (get_implied_strlen(str, rl) && sval_is_positive(rl_min(*rl))) {
		*rl = cast_rl(&ulong_ctype, *rl);
		return 1;
	}

	/* smatch_strlen.c is not very complete */
	size = get_array_size_bytes_max(str);
	zero = sval_type_val(&ulong_ctype, 0);

	if (size != 0) {
		/*
		 * Known array size: the result is bounded by size - 1, which
		 * leaves room for the terminating NUL.
		 * NOTE(review): this models a string that is terminated inside
		 * the array; a buffer filled without a terminator is not
		 * represented by this range, so checks that consume it will
		 * not see that case.
		 */
		*rl = alloc_rl(zero, sval_type_val(&ulong_ctype, size - 1));
		return 1;
	}

	/* A size of 0 is handled as "no bound available": 0..STRLEN_MAX_RET. */
	*rl = alloc_rl(zero, sval_type_val(&ulong_ctype, STRLEN_MAX_RET));
	return 1;
}
44 
/*
 * Implied-return hook for strnlen(): start from the strlen() range for the
 * string and narrow it using the implied maximum of the limit argument.
 *
 * call:   the strnlen() call expression; argument 1 is the limit.
 * unused: hook info pointer, never read here.
 * rl:     out parameter receiving the resulting range list.
 *
 * Always returns 1.
 */
static int match_strnlen(struct expression *call, void *unused, struct range_list **rl)
{
	sval_t ulong_max = sval_type_val(&ulong_ctype, ULONG_MAX);
	struct expression *limit;
	sval_t limit_max;
	sval_t known_len;

	/* Seed *rl with what is known about the plain string length. */
	match_strlen(call, NULL, rl);

	/*
	 * Keep the strlen() range when the limit has no implied maximum or
	 * that maximum equals ULONG_MAX.
	 */
	limit = get_argument_from_call_expr(call->args, 1);
	if (!get_implied_max(limit, &limit_max) ||
	    sval_cmp(limit_max, ulong_max) == 0)
		return 1;

	/*
	 * NOTE(review): limit_max carries whatever type get_implied_max()
	 * assigned; whether that always matches the unsigned long range
	 * produced by match_strlen() is not visible here - confirm.
	 */
	if (rl_to_sval(*rl, &known_len) && sval_cmp(known_len, limit_max) >= 0) {
		/* Single known length at or above the limit: result is the limit. */
		*rl = alloc_rl(limit_max, limit_max);
	} else {
		/* Otherwise drop every value above the limit from the range. */
		limit_max.value++;
		*rl = remove_range(*rl, limit_max, ulong_max);
	}

	return 1;
}
68 
/*
 * Implied-return hook shared by sprintf() and snprintf(): derive the return
 * range from the minimum and maximum formatted string sizes.
 *
 * call: the call expression.
 * _arg: index of the format string argument, encoded as a pointer and
 *       decoded with PTR_INT().
 * rl:   out parameter receiving the resulting range list.
 *
 * Always returns 1.
 */
static int match_sprintf(struct expression *call, void *_arg, struct range_list **rl)
{
	int fmt_idx = PTR_INT(_arg);
	int shortest = get_formatted_string_min_size(call, fmt_idx);
	int longest = get_formatted_string_size(call, fmt_idx);
	struct range_list *sizes;

	if (shortest >= 0 && longest >= 0) {
		/*
		 * NOTE(review): this function does not read snprintf()'s size
		 * argument, and whether the helper sizes count the terminating
		 * NUL is not visible here - confirm before relying on the
		 * upper bound as a buffer index or copy length.
		 */
		sizes = alloc_rl(ll_to_sval(shortest), ll_to_sval(longest));
		*rl = cast_rl(get_type(call), sizes);
		return 1;
	}

	/* A negative size from either helper: fall back to the whole range. */
	*rl = alloc_whole_rl(&ulong_ctype);
	return 1;
}
84 
/*
 * Hand the implied-return handlers for the common string functions to
 * add_implied_return_hook().  The id parameter is not read here.
 */
void register_common_functions(int id)
{
	/*
	 * When you add a new function here, then don't forget to delete it from
	 * the database and smatch_data/.
	 *
	 * The info value for the sprintf family is the index of the format
	 * string argument; match_sprintf() decodes it with PTR_INT().
	 */
	const struct {
		const char *name;
		int (*hook)(struct expression *call, void *info, struct range_list **rl);
		void *info;
	} hooks[] = {
		{ "strlen",   match_strlen,  NULL },
		{ "strnlen",  match_strnlen, NULL },
		{ "sprintf",  match_sprintf, INT_PTR(1) },
		{ "snprintf", match_sprintf, INT_PTR(2) },
	};
	unsigned int i;

	for (i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++)
		add_implied_return_hook(hooks[i].name, hooks[i].hook, hooks[i].info);
}