1*1f5207b7SJohn Levon /* 2*1f5207b7SJohn Levon * Copyright (C) 2012 Oracle. 3*1f5207b7SJohn Levon * 4*1f5207b7SJohn Levon * This program is free software; you can redistribute it and/or 5*1f5207b7SJohn Levon * modify it under the terms of the GNU General Public License 6*1f5207b7SJohn Levon * as published by the Free Software Foundation; either version 2 7*1f5207b7SJohn Levon * of the License, or (at your option) any later version. 8*1f5207b7SJohn Levon * 9*1f5207b7SJohn Levon * This program is distributed in the hope that it will be useful, 10*1f5207b7SJohn Levon * but WITHOUT ANY WARRANTY; without even the implied warranty of 11*1f5207b7SJohn Levon * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12*1f5207b7SJohn Levon * GNU General Public License for more details. 13*1f5207b7SJohn Levon * 14*1f5207b7SJohn Levon * You should have received a copy of the GNU General Public License 15*1f5207b7SJohn Levon * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt 16*1f5207b7SJohn Levon */ 17*1f5207b7SJohn Levon 18*1f5207b7SJohn Levon #include "smatch.h" 19*1f5207b7SJohn Levon #include "smatch_extra.h" 20*1f5207b7SJohn Levon #include "smatch_slist.h" 21*1f5207b7SJohn Levon 22*1f5207b7SJohn Levon static int my_id; 23*1f5207b7SJohn Levon get_cast_type(struct expression * expr)24*1f5207b7SJohn Levonstatic struct symbol *get_cast_type(struct expression *expr) 25*1f5207b7SJohn Levon { 26*1f5207b7SJohn Levon if (!expr || expr->type != EXPR_PREOP || expr->op != '*') 27*1f5207b7SJohn Levon return NULL; 28*1f5207b7SJohn Levon expr = strip_parens(expr->unop); 29*1f5207b7SJohn Levon if (expr->type != EXPR_CAST) 30*1f5207b7SJohn Levon return NULL; 31*1f5207b7SJohn Levon return get_pointer_type(expr); 32*1f5207b7SJohn Levon } 33*1f5207b7SJohn Levon match_overflow(struct expression * expr)34*1f5207b7SJohn Levonstatic void match_overflow(struct expression *expr) 35*1f5207b7SJohn Levon { 36*1f5207b7SJohn Levon struct expression *ptr; 37*1f5207b7SJohn Levon struct symbol *type; 38*1f5207b7SJohn Levon int cast_size; 39*1f5207b7SJohn Levon int data_size; 40*1f5207b7SJohn Levon 41*1f5207b7SJohn Levon type = get_cast_type(expr->left); 42*1f5207b7SJohn Levon if (!type) 43*1f5207b7SJohn Levon return; 44*1f5207b7SJohn Levon cast_size = type_bytes(type); 45*1f5207b7SJohn Levon 46*1f5207b7SJohn Levon ptr = strip_expr(expr->left->unop); 47*1f5207b7SJohn Levon data_size = get_array_size_bytes_min(ptr); 48*1f5207b7SJohn Levon if (data_size <= 0) 49*1f5207b7SJohn Levon return; 50*1f5207b7SJohn Levon if (data_size >= cast_size) 51*1f5207b7SJohn Levon return; 52*1f5207b7SJohn Levon sm_warning("potential memory corrupting cast %d vs %d bytes", 53*1f5207b7SJohn Levon cast_size, data_size); 54*1f5207b7SJohn Levon } 55*1f5207b7SJohn Levon check_cast_assign(int id)56*1f5207b7SJohn Levonvoid check_cast_assign(int id) 57*1f5207b7SJohn Levon { 58*1f5207b7SJohn Levon my_id = id; 59*1f5207b7SJohn Levon add_hook(&match_overflow, ASSIGNMENT_HOOK); 60*1f5207b7SJohn Levon } 61*1f5207b7SJohn Levon 62