Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows

From: Dan Carpenter
Date: Fri Sep 16 2022 - 10:56:44 EST

Next message: Philippe De Muyter: "Re: [f2fs-dev] [PATCH 1/1] f2fs: fix to check space of current segment journal"
Previous message: Rob Herring: "Re: [PATCH] kbuild: take into account DT_SCHEMA_FILES changes while checking dtbs"
In reply to: Kees Cook: "Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows"
Next in thread: Kees Cook: "Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 16, 2022 at 06:31:45AM -0700, Kees Cook wrote:
> On Fri, Sep 16, 2022 at 11:23:25AM +0300, Dan Carpenter wrote:
> > [...]
> > net/ipv6/mcast.c:450 ip6_mc_source() saving 'size_add' to type 'int'
>
> Interesting! Are you able to report the consumer? e.g. I think a bunch
> of these would be fixed by:
>

Are you asking if I can add "passed to sock_kmalloc()" to the report?
It's possible but it's kind of a headache the way this code is written.

When you pass a function to another function in Smatch:

frob(size_add());

Then Smatch creates a fake assignment: "frob(fake_assign = size_add());"
and parses that instead. So this check only looks at the
"fake_assign = size_add();" assignment.

Attached.

regards,
dan carpenter

/*
* Copyright (C) 2022 Oracle.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
*/

#include "smatch.h"
#include "smatch_extra.h"
#include "smatch_slist.h"

static int my_id;

static void check_size_t(const char *fn, struct expression *expr, void *unused)
{
struct symbol *type;

type = get_type(expr->left);
if (types_equiv(type, &long_ctype) ||
types_equiv(type, &ulong_ctype))
return;
sm_msg("saving '%s' to type '%s'", fn, type_to_str(type));
}

void check_overflow_truncated(int id)
{
my_id = id;

if (option_project != PROJ_KERNEL)
return;
add_function_assign_hook("size_mul", &check_size_t, NULL);
add_function_assign_hook("size_add", &check_size_t, NULL);
add_function_assign_hook("size_sub", &check_size_t, NULL);
add_function_assign_hook("__ab_c_size", &check_size_t, NULL);
add_function_assign_hook("array_size", &check_size_t, NULL);
add_function_assign_hook("array3_size", &check_size_t, NULL);

}

Next message: Philippe De Muyter: "Re: [f2fs-dev] [PATCH 1/1] f2fs: fix to check space of current segment journal"
Previous message: Rob Herring: "Re: [PATCH] kbuild: take into account DT_SCHEMA_FILES changes while checking dtbs"
In reply to: Kees Cook: "Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows"
Next in thread: Kees Cook: "Re: [PATCH] i2c: mux: harden i2c_mux_alloc() against integer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]