Hi all,
I'm struggling with a simple (in my opinion) checker for wrong memset
usage. GCC can detect and warn about the case when the last parameter of
memset is zero, as it is probably incorrect.
The extracted piece of code is:

#include <string.h>

int fun(void)
{
    char *data_ptr = NULL;
    int handle = 0;
    int val = 0;
    int len = 0;

    if (handle == 0) {
        // if I put here some len assignment and memset, then it starts working
    } else {
        memset(data_ptr, val, len);   /* len is still 0 on this path */
    }
    return 0;
}

And I can't get the following checker to detect such a case:

// RG - detect invalid memset
// Options:
virtual patch

@rule1@
@@
- memset(..., 0)

@rule2@
identifier E;
expression E2;
type T;
@@
T E = 0;
...
(
E = 0;
...
memset(..., E);
+ BUG(E);
|
E = E2;
...
memset(..., E);
|
memset(..., E);
+ BUG(E);
)

@rule3@
expression E, E2;
@@
E = 0;
...
(
E = 0;
...
memset(..., E);
+ BUG(E);
|
E = E2;
...
memset(..., E);
|
memset(..., E);
+ BUG(E);
)

Other simple cases are detected:

#include <stdio.h>
#include <string.h>

/* Input for the checker only: a and condition are left uninitialized. */
int main(int argc, char ** argv) {
    int i = 0;
    int i2 = 0;
    int j;
    int k;
    k = 0;
    char *a;
    int condition;
    j = 0;
    memset(a, 0, i);
    memset(a, 0, j);
    memset(a, 0, 0);
    if (condition) {
        k = 5;
        memset(a, 0, k);
    } else {
        memset(a, 0, k);   /* k is still 0 on this path */
        k = 10;
    }
    return 0;
}

But the problem appears when one of the if branches doesn't contain a variable reference.
How can I improve that checker?
Regards,
Robert
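
One way to handle the branch case above, as an added example that is not part of the original post: in a rule that carries `+` or `-` lines, `...` must match along every control-flow path, so a branch that never reaches the memset defeats the match, while `exists` asks for only one matching path. The rule name `zero_len` and the metavariable names are this example's own, and the rule is narrowed to the declaration case shown in `fun()`.

```cocci
// Added example: report memset() calls whose length variable is still the
// zero it was declared with on at least one control-flow path.
//
// "exists" makes one matching path sufficient, so the empty
// "if (handle == 0) { }" branch no longer blocks the match.
// "when != len = E" drops paths on which len is reassigned before the call.
//
// Known limits of this example: compound assignments (len += n), updates
// through &len, and the "len = 0;" assignment form are not tracked here.

@zero_len exists@
identifier len;
expression dst, val, E;
type T;
@@

T len = 0;
... when != len = E
* memset(dst, val, len);
```

Saved under a name of your choice and run with `spatch --sp-file <file>.cocci <source>.c`, the `*` line marks each flagged call in the output instead of inserting `BUG()`.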