On Mon, 2 Aug 2021, Joe Perches wrote:
> On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
> >
> > On Mon, 2 Aug 2021, Joe Perches wrote:
> >
> > > Is it possible to determine the length of a matched char array and use
> > > the length in a test?
> > >
> > > For instance, add something like a test to show only the instances
> > > where a src buffer overruns a dest buffer.
> > >
> > > void foo(void)
> > > {
> > > char foo[5];
> > >
> > > strcpy(foo, "fits");
> > > }
> > >
> > > it would be useful to see only the instances where the dest
> > > buffer would be overrun like:
> > >
> > > void foo(void)
> > > {
> > > char foo[5];
> > >
> > > strcpy(foo, "doesn't fit");
> > > }
> > >
> > > ---
> > >
> > > This would find all instances of a constant src array into non-pointer
> > > dst:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > * strcpy(dest, src)
> > >
> > > ---
> > >
> > > Is there a mechanism like:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > when (some cocci grammar testing length(dest) < length(src))
> > > * strcpy(dest, src)
> >
> > You can match the size and the string, and then use python or ocaml code
> > to do the needed comparisons.
>
> Pardon the question, but how do you determine the size?

In the case of a local variable, you can do:

@r@
constant int n;
identifier i;
constant char [] c;
position p1,p2;
@@

char i@p1[n];
... when exists
strcpy@p2(i,c);

@script:ocaml@
p1 << r.p1;
p2 << r.p2;
n << r.n;
c << r.c;
@@

if int_of_string n < String.length c
then ...

A similar script can be written in python.

If the array is allocated somewhere else, it would be more complicated.

julia

>
> > Does it occur often enough that the string
> > is explicit in the call to make it worth it?
>
> The idea is just to find defects/buffer overruns.
>
>
>
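
The size comparison discussed in this thread, written out in Python as an added example (not code from the thread or from the Coccinelle project). It assumes the script receives n and c as source text, so c still carries its quotes and escape sequences and its raw length overstates the bytes copied; literal_size and overruns are hypothetical helper names.

```python
import re

# One C escape sequence, or one ordinary character, inside a string literal.
# Universal character names (\u, \U) are not handled.
_ESCAPE = re.compile(r'\\(?:x[0-9A-Fa-f]+|[0-7]{1,3}|.)|.', re.DOTALL)
# Body of each "..." piece; the compiler concatenates adjacent literals.
_PIECE = re.compile(r'"((?:\\.|[^"\\])*)"', re.DOTALL)


def literal_size(src):
    """Bytes strcpy() writes for this literal's source text, NUL included."""
    pieces = _PIECE.findall(src)
    if not pieces:
        raise ValueError("not a string literal: %r" % src)
    size = 1  # terminating NUL
    for piece in pieces:
        for tok in _ESCAPE.findall(piece):
            # An escape is one byte; other characters count as UTF-8 bytes.
            size += 1 if tok.startswith("\\") else len(tok.encode("utf-8"))
    return size


def overruns(n, src):
    """True when strcpy(dest, src) writes past the end of char dest[n]."""
    try:
        capacity = int(n, 0)  # accepts "5" and "0x10"
    except ValueError:
        return False  # size is not a plain number (assumed: macro, suffix)
    return literal_size(src) > capacity


# Assumed wiring from a script rule that inherits n, c and p2 from rule r:
#   @script:python@
#   p2 << r.p2;
#   n << r.n;
#   c << r.c;
#   @@
#   if overruns(n, c):
#       coccilib.report.print_report(p2[0], "strcpy overruns destination")

if __name__ == "__main__":
    # Constructed samples taken from the two functions quoted in the thread.
    for size, text in (("5", '"fits"'), ("5", '"doesn\'t fit"')):
        print(size, text, "overrun" if overruns(size, text) else "ok")
```

Comparing the raw text length instead would flag char foo[5] with "fits", because the six characters of source text include the two quotes.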