OSCL-LXR linux-6.0.1/​scripts/​coccinelle/​misc/​array_size_dup.cocci	Source navigation Diff markup Identifier search General search
	Version: linux-6.0.1 spark-3.0.0 hadoop-3.2.0-src hadoop-3.3.0-src spark-2.4.7 linux-4.15.13 hadoop-2.7.4-src Revert   Change

 // SPDX-License-Identifier: GPL-2.0-only
 ///
 /// Check for array_size(), array3_size(), struct_size() duplicates.
 /// These patterns are detected:
 ///  1. An opencoded expression is used before array_size() to compute the same size
 ///  2. An opencoded expression is used after array_size() to compute the same size
 /// From security point of view only first case is relevant. These functions
 /// perform arithmetic overflow check. Thus, if we use an opencoded expression
 /// before a call to the *_size() function we can miss an overflow.
 ///
 // Confidence: High
 // Copyright: (C) 2020 Denis Efremov ISPRAS
 // Options: --no-includes --include-headers --no-loops
 
 virtual context
 virtual report
 virtual org
 
 @as@
 expression E1, E2;
 @@
 
 array_size(E1, E2)
 
 @as_next@
 expression subE1 <= as.E1;
 expression subE2 <= as.E2;
 expression as.E1, as.E2, E3;
 assignment operator aop;
 position p1, p2;
 @@
 
 * E1 * E2@p1
   ... when != \(subE1\|subE2\) aop E3
       when != &\(subE1\|subE2\)
 * array_size(E1, E2)@p2
 
 @script:python depends on report@
 p1 << as_next.p1;
 p2 << as_next.p2;
 @@
 
 msg = "WARNING: array_size is used later (line %s) to compute the same size" % (p2[0].line)
 coccilib.report.print_report(p1[0], msg)
 
 @script:python depends on org@
 p1 << as_next.p1;
 p2 << as_next.p2;
 @@
 
 msg = "WARNING: array_size is used later (line %s) to compute the same size" % (p2[0].line)
 coccilib.org.print_todo(p1[0], msg)
 
 @as_prev@
 expression subE1 <= as.E1;
 expression subE2 <= as.E2;
 expression as.E1, as.E2, E3;
 assignment operator aop;
 position p1, p2;
 @@
 
 * array_size(E1, E2)@p1
   ... when != \(subE1\|subE2\) aop E3
       when != &\(subE1\|subE2\)
 * E1 * E2@p2
 
 @script:python depends on report@
 p1 << as_prev.p1;
 p2 << as_prev.p2;
 @@
 
 msg = "WARNING: array_size is already used (line %s) to compute the same size" % (p1[0].line)
 coccilib.report.print_report(p2[0], msg)
 
 @script:python depends on org@
 p1 << as_prev.p1;
 p2 << as_prev.p2;
 @@
 
 msg = "WARNING: array_size is already used (line %s) to compute the same size" % (p1[0].line)
 coccilib.org.print_todo(p2[0], msg)
 
 @as3@
 expression E1, E2, E3;
 @@
 
 array3_size(E1, E2, E3)
 
 @as3_next@
 expression subE1 <= as3.E1;
 expression subE2 <= as3.E2;
 expression subE3 <= as3.E3;
 expression as3.E1, as3.E2, as3.E3, E4;
 assignment operator aop;
 position p1, p2;
 @@
 
 * E1 * E2 * E3@p1
   ... when != \(subE1\|subE2\|subE3\) aop E4
       when != &\(subE1\|subE2\|subE3\)
 * array3_size(E1, E2, E3)@p2
 
 @script:python depends on report@
 p1 << as3_next.p1;
 p2 << as3_next.p2;
 @@
 
 msg = "WARNING: array3_size is used later (line %s) to compute the same size" % (p2[0].line)
 coccilib.report.print_report(p1[0], msg)
 
 @script:python depends on org@
 p1 << as3_next.p1;
 p2 << as3_next.p2;
 @@
 
 msg = "WARNING: array3_size is used later (line %s) to compute the same size" % (p2[0].line)
 coccilib.org.print_todo(p1[0], msg)
 
 @as3_prev@
 expression subE1 <= as3.E1;
 expression subE2 <= as3.E2;
 expression subE3 <= as3.E3;
 expression as3.E1, as3.E2, as3.E3, E4;
 assignment operator aop;
 position p1, p2;
 @@
 
 * array3_size(E1, E2, E3)@p1
   ... when != \(subE1\|subE2\|subE3\) aop E4
       when != &\(subE1\|subE2\|subE3\)
 * E1 * E2 * E3@p2
 
 @script:python depends on report@
 p1 << as3_prev.p1;
 p2 << as3_prev.p2;
 @@
 
 msg = "WARNING: array3_size is already used (line %s) to compute the same size" % (p1[0].line)
 coccilib.report.print_report(p2[0], msg)
 
 @script:python depends on org@
 p1 << as3_prev.p1;
 p2 << as3_prev.p2;
 @@
 
 msg = "WARNING: array3_size is already used (line %s) to compute the same size" % (p1[0].line)
 coccilib.org.print_todo(p2[0], msg)
 
 @ss@
 expression E1, E2, E3;
 @@
 
 struct_size(E1, E2, E3)
 
 @ss_next@
 expression subE3 <= ss.E3;
 expression ss.E1, ss.E2, ss.E3, E4;
 assignment operator aop;
 position p1, p2;
 @@
 
 * E1 * E2 + E3@p1
   ... when != subE3 aop E4
       when != &subE3
 * struct_size(E1, E2, E3)@p2
 
 @script:python depends on report@
 p1 << ss_next.p1;
 p2 << ss_next.p2;
 @@
 
 msg = "WARNING: struct_size is used later (line %s) to compute the same size" % (p2[0].line)
 coccilib.report.print_report(p1[0], msg)
 
 @script:python depends on org@
 p1 << ss_next.p1;
 p2 << ss_next.p2;
 @@
 
 msg = "WARNING: struct_size is used later (line %s) to compute the same size" % (p2[0].line)
 coccilib.org.print_todo(p1[0], msg)
 
 @ss_prev@
 expression subE3 <= ss.E3;
 expression ss.E1, ss.E2, ss.E3, E4;
 assignment operator aop;
 position p1, p2;
 @@
 
 * struct_size(E1, E2, E3)@p1
   ... when != subE3 aop E4
       when != &subE3
 * E1 * E2 + E3@p2
 
 @script:python depends on report@
 p1 << ss_prev.p1;
 p2 << ss_prev.p2;
 @@
 
 msg = "WARNING: struct_size is already used (line %s) to compute the same size" % (p1[0].line)
 coccilib.report.print_report(p2[0], msg)
 
 @script:python depends on org@
 p1 << ss_prev.p1;
 p2 << ss_prev.p2;
 @@
 
 msg = "WARNING: struct_size is already used (line %s) to compute the same size" % (p1[0].line)
 coccilib.org.print_todo(p2[0], msg)

This page was automatically generated by the 2.1.0 LXR engine. The LXR team