Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks

From: Julia Lawall
Date: Wed Jun 17 2020 - 16:08:24 EST

Next message: Nathan Chancellor: "Re: [PATCH v3] seccomp: Add find_notification helper"
Previous message: Rasmus Villemoes: "Re: [PATCH v3 00/21] dynamic_debug cleanups, query features, export"
In reply to: Denis Efremov: "Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks"
Next in thread: Julia Lawall: "Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 17 Jun 2020, Denis Efremov wrote:

>
> >
> > Awesome! I'll take a look into this. :)
> >
> Here is another script for your #83 ticket.
> Currently, it issues 598 warnings.
>
> // SPDX-License-Identifier: GPL-2.0-only
> ///
> /// Check for missing overflow checks in allocation functions.
> /// Low confidence because it's pointless to check for overflow
> /// relatively small allocations.
> ///
> // Confidence: Low
> // Copyright: (C) 2020 Denis Efremov ISPRAS
> // Options: --no-includes --include-headers
>
> virtual patch
> virtual context
> virtual org
> virtual report
>
> @depends on patch@
> expression E1, E2, E3, E4, size;
> @@
>
> (
> - size = E1 * E2;
> + size = array_size(E1, E2);
> |
> - size = E1 * E2 * E3;
> + size = array3_size(E1, E2, E3);
> |
> - size = E1 * E2 + E3;
> + size = struct_size(E1, E2, E3);

Should the arguments be checked to see if they have something to do with
arrays and structures?

> )
> ... when != size = E4
> when != size += E4
> when != size -= E4
> when != size *= E4

Here you can have a metavariable

assignment operator aop;

and then say size aop E4

It doesn't really look like an assignment any more, but it could be a
little safer.

julia

> when != &size
> \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
> vmalloc\|vzalloc\|vzalloc_node\|
> kvmalloc\|kvzalloc\|kvzalloc_node\|
> sock_kmalloc\|
> f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
> devm_kmalloc\|devm_kzalloc\)
> (..., size, ...)
>
> @r depends on !patch@
> expression E1, E2, E3, E4, size;
> position p;
> @@
>
> (
> * size = E1 * E2;@p
> |
> * size = E1 * E2 * E3;@p
> |
> * size = E1 * E2 + E3;@p
> )
> ... when != size = E4
> when != size += E4
> when != size -= E4
> when != size *= E4
> when != &size
> * \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
> vmalloc\|vzalloc\|vzalloc_node\|
> kvmalloc\|kvzalloc\|kvzalloc_node\|
> sock_kmalloc\|
> f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
> devm_kmalloc\|devm_kzalloc\)
> (..., size, ...)
>
> @script:python depends on report@
> p << r.p;
> @@
>
> coccilib.report.print_report(p[0], "WARNING: missing overflow check")
>
> @script:python depends on org@
> p << r.p;
> @@
>
> coccilib.org.print_todo(p[0], "WARNING: missing overflow check")
> _______________________________________________
> Cocci mailing list
> Cocci@xxxxxxxxxxxxxxx
> https://systeme.lip6.fr/mailman/listinfo/cocci
>

Next message: Nathan Chancellor: "Re: [PATCH v3] seccomp: Add find_notification helper"
Previous message: Rasmus Villemoes: "Re: [PATCH v3 00/21] dynamic_debug cleanups, query features, export"
In reply to: Denis Efremov: "Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks"
Next in thread: Julia Lawall: "Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]