/*
 * Copyright (C) 2012 Oracle.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see http://www.gnu.org/copyleft/gpl.txt
 */

/*
 * Checker for assignments whose left-hand side has the shape `*(T *)p`.
 * It warns when the known size of the data behind `p` is smaller than the
 * size of T, since such a store would write past the end of the object.
 * Illustrative case (constructed): `char buf[4]; *(long *)buf = x;`.
 */

#include "smatch.h"
#include "smatch_extra.h"
#include "smatch_slist.h"

/* Checker id handed in at registration; only stored, never read in this file. */
static int my_id;

/*
 * Return the type a store through `expr` would write, or NULL when `expr`
 * is not a dereference ('*' pre-op) applied directly to a cast.
 *
 * NOTE(review): get_pointer_type() is presumably the pointee type of the
 * cast expression -- confirm against its definition.
 */
static struct symbol *get_cast_type(struct expression *expr)
{
	struct expression *inner;

	if (!expr)
		return NULL;
	if (expr->type != EXPR_PREOP || expr->op != '*')
		return NULL;

	/* Look through redundant parentheses around the dereferenced operand. */
	inner = strip_parens(expr->unop);
	if (inner->type == EXPR_CAST)
		return get_pointer_type(inner);
	return NULL;
}

/*
 * Assignment hook: compare the size of the cast-to type with the size of
 * the underlying buffer and warn when the store is wider than the buffer.
 *
 * Stays silent when the left side is not `*(cast)...`, or when
 * get_array_size_bytes_min() reports no usable size (<= 0), so only
 * assignments with a known buffer size can produce a warning.
 */
static void match_overflow(struct expression *expr)
{
	struct symbol *written_type;
	struct expression *target;
	int write_bytes;
	int buf_bytes;

	written_type = get_cast_type(expr->left);
	if (!written_type)
		return;
	write_bytes = type_bytes(written_type);

	/* Operand of the dereference with the cast stripped off again. */
	target = strip_expr(expr->left->unop);
	buf_bytes = get_array_size_bytes_min(target);

	/* Size unknown, or the buffer is large enough: nothing to report. */
	if (buf_bytes <= 0 || buf_bytes >= write_bytes)
		return;

	sm_warning("potential memory corrupting cast %d vs %d bytes",
		   write_bytes, buf_bytes);
}

/*
 * Registration entry point: record the checker id and run match_overflow()
 * on every assignment expression.
 */
void check_cast_assign(int id)
{
	my_id = id;
	add_hook(&match_overflow, ASSIGNMENT_HOOK);
}