11f5207b7SJohn Levon /*
21f5207b7SJohn Levon  * Copyright (C) 2018 Oracle.  All rights reserved.
31f5207b7SJohn Levon  *
41f5207b7SJohn Levon  * This program is free software; you can redistribute it and/or
51f5207b7SJohn Levon  * modify it under the terms of the GNU General Public License
61f5207b7SJohn Levon  * as published by the Free Software Foundation; either version 2
71f5207b7SJohn Levon  * of the License, or (at your option) any later version.
81f5207b7SJohn Levon  *
91f5207b7SJohn Levon  * This program is distributed in the hope that it will be useful,
101f5207b7SJohn Levon  * but WITHOUT ANY WARRANTY; without even the implied warranty of
121f5207b7SJohn Levon  * GNU General Public License for more details.
131f5207b7SJohn Levon  *
141f5207b7SJohn Levon  * You should have received a copy of the GNU General Public License
151f5207b7SJohn Levon  * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
161f5207b7SJohn Levon  */
171f5207b7SJohn Levon 
181f5207b7SJohn Levon #include "smatch.h"
191f5207b7SJohn Levon #include "smatch_extra.h"
201f5207b7SJohn Levon #include "smatch_slist.h"
211f5207b7SJohn Levon 
221f5207b7SJohn Levon static int my_id;
231f5207b7SJohn Levon 
241f5207b7SJohn Levon struct db_info {
251f5207b7SJohn Levon 	int count;
261f5207b7SJohn Levon 	struct symbol *type;
271f5207b7SJohn Levon 	struct range_list *rl;
281f5207b7SJohn Levon };
291f5207b7SJohn Levon 
get_vals(void * _db_info,int argc,char ** argv,char ** azColName)301f5207b7SJohn Levon static int get_vals(void *_db_info, int argc, char **argv, char **azColName)
311f5207b7SJohn Levon {
321f5207b7SJohn Levon 	struct db_info *db_info = _db_info;
331f5207b7SJohn Levon 	struct range_list *rl;
341f5207b7SJohn Levon 
351f5207b7SJohn Levon 	str_to_rl(db_info->type, argv[0], &rl);
361f5207b7SJohn Levon 	db_info->rl = rl_union(db_info->rl, rl);
371f5207b7SJohn Levon 
381f5207b7SJohn Levon 	return 0;
391f5207b7SJohn Levon }
401f5207b7SJohn Levon 
is_file_local(struct expression * array)411f5207b7SJohn Levon static int is_file_local(struct expression *array)
421f5207b7SJohn Levon {
431f5207b7SJohn Levon 	struct symbol *sym = NULL;
441f5207b7SJohn Levon 	char *name;
451f5207b7SJohn Levon 
461f5207b7SJohn Levon 	name = expr_to_str_sym(array, &sym);
471f5207b7SJohn Levon 	free_string(name);
481f5207b7SJohn Levon 	if (!sym)
491f5207b7SJohn Levon 		return 0;
501f5207b7SJohn Levon 
511f5207b7SJohn Levon 	if ((sym->ctype.modifiers & MOD_TOPLEVEL) &&
521f5207b7SJohn Levon 	    (sym->ctype.modifiers & MOD_STATIC))
531f5207b7SJohn Levon 		return 1;
541f5207b7SJohn Levon 	return 0;
551f5207b7SJohn Levon }
561f5207b7SJohn Levon 
get_toplevel_name(struct expression * array)571f5207b7SJohn Levon static char *get_toplevel_name(struct expression *array)
581f5207b7SJohn Levon {
591f5207b7SJohn Levon 	char *name;
601f5207b7SJohn Levon 	char buf[128];
611f5207b7SJohn Levon 
621f5207b7SJohn Levon 	if (is_array(array))
631f5207b7SJohn Levon 		array = get_array_base(array);
641f5207b7SJohn Levon 
651f5207b7SJohn Levon 	if (!array || array->type != EXPR_SYMBOL)
661f5207b7SJohn Levon 		return NULL;
671f5207b7SJohn Levon 	if (!is_file_local(array))
681f5207b7SJohn Levon 		return NULL;
691f5207b7SJohn Levon 
701f5207b7SJohn Levon 	name = expr_to_str(array);
711f5207b7SJohn Levon 	snprintf(buf, sizeof(buf), "%s[]", name);
721f5207b7SJohn Levon 	free_string(name);
731f5207b7SJohn Levon 
741f5207b7SJohn Levon 	return alloc_sname(buf);
751f5207b7SJohn Levon }
761f5207b7SJohn Levon 
get_member_array(struct expression * array)771f5207b7SJohn Levon static char *get_member_array(struct expression *array)
781f5207b7SJohn Levon {
791f5207b7SJohn Levon 	char *name;
801f5207b7SJohn Levon 	char buf[128];
811f5207b7SJohn Levon 
821f5207b7SJohn Levon 	name = get_member_name(array);
831f5207b7SJohn Levon 	if (!name)
841f5207b7SJohn Levon 		return NULL;
851f5207b7SJohn Levon 	snprintf(buf, sizeof(buf), "%s[]", name);
861f5207b7SJohn Levon 	free_string(name);
871f5207b7SJohn Levon 	return alloc_sname(buf);
881f5207b7SJohn Levon }
891f5207b7SJohn Levon 
get_array_name(struct expression * array)901f5207b7SJohn Levon static char *get_array_name(struct expression *array)
911f5207b7SJohn Levon {
921f5207b7SJohn Levon 	struct symbol *type;
931f5207b7SJohn Levon 	char *name;
941f5207b7SJohn Levon 
951f5207b7SJohn Levon 	type = get_type(array);
961f5207b7SJohn Levon 	if (!type || type->type != SYM_ARRAY)
971f5207b7SJohn Levon 		return NULL;
981f5207b7SJohn Levon 
991f5207b7SJohn Levon 	name = get_toplevel_name(array);
1001f5207b7SJohn Levon 	if (name)
1011f5207b7SJohn Levon 		return name;
1021f5207b7SJohn Levon 	name = get_member_array(array);
1031f5207b7SJohn Levon 	if (name)
1041f5207b7SJohn Levon 		return name;
1051f5207b7SJohn Levon 
1061f5207b7SJohn Levon 	return NULL;
1071f5207b7SJohn Levon }
1081f5207b7SJohn Levon 
get_array_rl(struct expression * expr,struct range_list ** rl)1091f5207b7SJohn Levon int get_array_rl(struct expression *expr, struct range_list **rl)
1101f5207b7SJohn Levon {
1111f5207b7SJohn Levon 	struct expression *array;
1121f5207b7SJohn Levon 	struct symbol *type;
1131f5207b7SJohn Levon 	struct db_info db_info = {};
1141f5207b7SJohn Levon 	char *name;
1151f5207b7SJohn Levon 
1161f5207b7SJohn Levon 	type = get_type(expr);
1171f5207b7SJohn Levon 	if (!type || type->type != SYM_BASETYPE)
1181f5207b7SJohn Levon 		return 0;
1191f5207b7SJohn Levon 	db_info.type = type;
1201f5207b7SJohn Levon 
1211f5207b7SJohn Levon 	array = get_array_base(expr);
1221f5207b7SJohn Levon 	name = get_array_name(array);
1231f5207b7SJohn Levon 	if (!name)
1241f5207b7SJohn Levon 		return 0;
1251f5207b7SJohn Levon 
1261f5207b7SJohn Levon 	if (is_file_local(array)) {
1271f5207b7SJohn Levon 		run_sql(&get_vals, &db_info,
1281f5207b7SJohn Levon 			"select value from sink_info where file = '%s' and static = 1 and sink_name = '%s' and type = %d;",
1291f5207b7SJohn Levon 			get_filename(), name, DATA_VALUE);
1301f5207b7SJohn Levon 	} else {
1311f5207b7SJohn Levon 		run_sql(&get_vals, &db_info,
1321f5207b7SJohn Levon 			"select value from sink_info where sink_name = '%s' and type = %d limit 10;",
1331f5207b7SJohn Levon 			name, DATA_VALUE);
1341f5207b7SJohn Levon 	}
1351f5207b7SJohn Levon 	if (!db_info.rl || db_info.count >= 10)
1361f5207b7SJohn Levon 		return 0;
1371f5207b7SJohn Levon 
1381f5207b7SJohn Levon 	*rl = db_info.rl;
1391f5207b7SJohn Levon 	return 1;
1401f5207b7SJohn Levon }
1411f5207b7SJohn Levon 
get_saved_rl(struct symbol * type,char * name)1421f5207b7SJohn Levon static struct range_list *get_saved_rl(struct symbol *type, char *name)
1431f5207b7SJohn Levon {
1441f5207b7SJohn Levon 	struct db_info db_info = {.type = type};
1451f5207b7SJohn Levon 
1461f5207b7SJohn Levon 	cache_sql(&get_vals, &db_info, "select value from sink_info where sink_name = '%s' and type = %d;",
1471f5207b7SJohn Levon 		  name, DATA_VALUE);
1481f5207b7SJohn Levon 	return db_info.rl;
1491f5207b7SJohn Levon }
1501f5207b7SJohn Levon 
update_cache(char * name,int is_static,struct range_list * rl)1511f5207b7SJohn Levon static void update_cache(char *name, int is_static, struct range_list *rl)
1521f5207b7SJohn Levon {
1531f5207b7SJohn Levon 	cache_sql(NULL, NULL, "delete from sink_info where sink_name = '%s' and type = %d;",
1541f5207b7SJohn Levon 		  name, DATA_VALUE);
1551f5207b7SJohn Levon 	cache_sql(NULL, NULL, "insert into sink_info values ('%s', %d, '%s', %d, '', '%s');",
1561f5207b7SJohn Levon 		  get_filename(), is_static, name, DATA_VALUE, show_rl(rl));
1571f5207b7SJohn Levon }
1581f5207b7SJohn Levon 
match_assign(struct expression * expr)1591f5207b7SJohn Levon static void match_assign(struct expression *expr)
1601f5207b7SJohn Levon {
1611f5207b7SJohn Levon 	struct expression *left, *array;
1621f5207b7SJohn Levon 	struct range_list *orig_rl, *rl;
1631f5207b7SJohn Levon 	struct symbol *type;
1641f5207b7SJohn Levon 	char *name;
1651f5207b7SJohn Levon 
166efe51d0cSJohn Levon 	type = get_type(expr->left);
1671f5207b7SJohn Levon 	if (!type || type->type != SYM_BASETYPE)
1681f5207b7SJohn Levon 		return;
1691f5207b7SJohn Levon 
1701f5207b7SJohn Levon 	left = strip_expr(expr->left);
1711f5207b7SJohn Levon 	if (!is_array(left))
1721f5207b7SJohn Levon 		return;
1731f5207b7SJohn Levon 	array = get_array_base(left);
1741f5207b7SJohn Levon 	name = get_array_name(array);
1751f5207b7SJohn Levon 	if (!name)
1761f5207b7SJohn Levon 		return;
1771f5207b7SJohn Levon 
1781f5207b7SJohn Levon 	if (expr->op != '=') {
179efe51d0cSJohn Levon 		rl = alloc_whole_rl(get_type(expr->right));
180efe51d0cSJohn Levon 		rl = cast_rl(type, rl);
1811f5207b7SJohn Levon 	} else {
1821f5207b7SJohn Levon 		get_absolute_rl(expr->right, &rl);
1831f5207b7SJohn Levon 		rl = cast_rl(type, rl);
1841f5207b7SJohn Levon 		orig_rl = get_saved_rl(type, name);
1851f5207b7SJohn Levon 		rl = rl_union(orig_rl, rl);
1861f5207b7SJohn Levon 	}
1871f5207b7SJohn Levon 
1881f5207b7SJohn Levon 	update_cache(name, is_file_local(array), rl);
1891f5207b7SJohn Levon }
1901f5207b7SJohn Levon 
mark_strings_unknown(const char * fn,struct expression * expr,void * _arg)191*c85f09ccSJohn Levon static void mark_strings_unknown(const char *fn, struct expression *expr, void *_arg)
192*c85f09ccSJohn Levon {
193*c85f09ccSJohn Levon 	struct expression *dest;
194*c85f09ccSJohn Levon 	struct symbol *type;
195*c85f09ccSJohn Levon 	int arg = PTR_INT(_arg);
196*c85f09ccSJohn Levon 	char *name;
197*c85f09ccSJohn Levon 
198*c85f09ccSJohn Levon 	dest = get_argument_from_call_expr(expr->args, arg);
199*c85f09ccSJohn Levon 	if (!dest)
200*c85f09ccSJohn Levon 		return;
201*c85f09ccSJohn Levon 	name = get_array_name(dest);
202*c85f09ccSJohn Levon 	if (!name)
203*c85f09ccSJohn Levon 		return;
204*c85f09ccSJohn Levon 	type = get_type(dest);
205*c85f09ccSJohn Levon 	if (type_is_ptr(type))
206*c85f09ccSJohn Levon 		type = get_real_base_type(type);
207*c85f09ccSJohn Levon 	update_cache(name, is_file_local(dest), alloc_whole_rl(type));
208*c85f09ccSJohn Levon }
209*c85f09ccSJohn Levon 
register_array_values(int id)2101f5207b7SJohn Levon void register_array_values(int id)
2111f5207b7SJohn Levon {
2121f5207b7SJohn Levon 	my_id = id;
2131f5207b7SJohn Levon 
2141f5207b7SJohn Levon 	add_hook(&match_assign, ASSIGNMENT_HOOK);
2151f5207b7SJohn Levon 	add_hook(&match_assign, GLOBAL_ASSIGNMENT_HOOK);
216*c85f09ccSJohn Levon 
217*c85f09ccSJohn Levon 	add_function_hook("sprintf", &mark_strings_unknown, INT_PTR(0));
218*c85f09ccSJohn Levon 	add_function_hook("snprintf", &mark_strings_unknown, INT_PTR(0));
219*c85f09ccSJohn Levon 
220*c85f09ccSJohn Levon 	add_function_hook("strcpy", &mark_strings_unknown, INT_PTR(0));
221*c85f09ccSJohn Levon 	add_function_hook("strncpy", &mark_strings_unknown, INT_PTR(0));
222*c85f09ccSJohn Levon 	add_function_hook("strlcpy", &mark_strings_unknown, INT_PTR(0));
223*c85f09ccSJohn Levon 	add_function_hook("strscpy", &mark_strings_unknown, INT_PTR(0));
2241f5207b7SJohn Levon }