On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote: > > On Mon, 2 Aug 2021, Joe Perches wrote: > > > Is it possible to determine the length of a matched char array and use > > the length in a test? > > > > For instance, add something like a test to show only the instances > > where a src buffer overruns a dest buffer. > > > > void foo(void) > > { > > char foo[5]; > > > > strcpy(foo, "fits"); > > } > > > > it would be useful to see only the instances where the dest > > buffer would be overrun like: > > > > void foo(void) > > { > > char foo[5]; > > > > strcpy(foo, "doesn't fit"); > > } > > > > --- > > > > This would find all instances of a constant src array into non-pointer dst: > > > > @@ > > char [] dest; > > constant char [] src; > > @@ > > > > * strcpy(dest, src) > > > > --- > > > > Is there a mexhanism like: > > > > @@ > > char [] dest; > > constant char [] src; > > @@ > > > > when (some cocci grammar testing length(dest) < length(src)) > > * strcpy(dest, src) > > You can match the size and the string, and then use python or ocaml code > to do the needed comparisons.
Pardon the question, but how do you determine the size? > Does it occur often enough that the string > is explicit in the call to make it worth it? The idea is just to find defects/buffer overruns. _______________________________________________ Cocci mailing list Cocci@systeme.lip6.fr https://systeme.lip6.fr/mailman/listinfo/cocci