On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
>
> On Mon, 2 Aug 2021, Joe Perches wrote:
>
> > Is it possible to determine the length of a matched char array and use
> > the length in a test?
> >
> > For instance, add something like a test to show only the instances
> > where a src buffer overruns a dest buffer.
> >
> > void foo(void)
> > {
> > 	char foo[5];
> >
> > 	strcpy(foo, "fits");
> > }
> >
> > it would be useful to see only the instances where the dest
> > buffer would be overrun like:
> >
> > void foo(void)
> > {
> > 	char foo[5];
> >
> > 	strcpy(foo, "doesn't fit");
> > }
> >
> > ---
> >
> > This would find all instances of a constant src array into non-pointer dst:
> >
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> >
> > * strcpy(dest, src)
> >
> > ---
> >
> > Is there a mechanism like:
> >
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> >
> > when (some cocci grammar testing length(dest) < length(src))
> > * strcpy(dest, src)
>
> You can match the size and the string, and then use python or ocaml code
> to do the needed comparisons.

Pardon the question, but how do you determine the size?

> Does it occur often enough that the string
> is explicit in the call to make it worth it?

The idea is just to find defects/buffer overruns.
_______________________________________________
Cocci mailing list
https://systeme.lip6.fr/mailman/listinfo/cocci
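Added example (not part of the original thread, and not Coccinelle's own code): the comparison step suggested in the reply above, written as plain Python that a script rule could call. It assumes the array bound and the string literal reach the script as source text, that the bound is a plain integer constant, and a UTF-8 execution character set; all function names are hypothetical.

```python
import re

# One escape sequence inside a C string literal. Octal, hex and simple
# escapes each produce one byte; \u and \U produce one code point.
_ESCAPE = re.compile(
    r'\\([0-7]{1,3}|x[0-9A-Fa-f]+|u[0-9A-Fa-f]{4}|U[0-9A-Fa-f]{8}|.)')
# One "..." segment; the compiler concatenates adjacent segments.
_SEGMENT = re.compile(r'"((?:[^"\\]|\\.)*)"')


def _decode_escape(match):
    esc = match.group(1)
    if esc[0] in "uU":
        return chr(int(esc[1:], 16))  # real code point, sized as UTF-8 below
    return "X"                        # any other escape is a single byte


def literal_size(src_text):
    """Bytes strcpy() writes for this literal, including the trailing NUL."""
    segments = _SEGMENT.findall(src_text)
    if not segments:
        raise ValueError("not a string literal: %r" % src_text)
    # Escapes are resolved per segment, before concatenation, as in C.
    body = "".join(_ESCAPE.sub(_decode_escape, seg) for seg in segments)
    return len(body.encode("utf-8")) + 1


def array_size(n_text):
    """Array bound as an int, or None if it is not a plain integer constant."""
    text = n_text.strip().rstrip("uUlL")
    try:
        if re.fullmatch(r"0[0-7]+", text):  # C octal, e.g. 010
            return int(text, 8)
        return int(text, 0)                 # decimal or 0x.. hex
    except ValueError:
        return None                         # macro, sizeof(), etc.


def overrun(n_text, src_text):
    """Bytes written past the end of dest; 0 if it fits, None if unknown."""
    size = array_size(n_text)
    if size is None:
        return None
    return max(0, literal_size(src_text) - size)
```

A result of `None` means the bound could not be evaluated from its text alone, so such a match should be reported for manual review rather than silently dropped.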