Re: [Cocci] Coccinelle: Length/Size of char array?

2021-08-02 Thread Joe Perches
On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
> 
> On Mon, 2 Aug 2021, Joe Perches wrote:
> 
> > Is it possible to determine the length of a matched char array and use
> > the length in a test?
> > 
> > For instance, add something like a test to show only the instances
> > where a src buffer overruns a dest buffer.
> > 
> > void foo(void)
> > {
> >   char foo[5];
> > 
> >   strcpy(foo, "fits");
> > }
> > 
> > it would be useful to see only the instances where the dest
> > buffer would be overrun like:
> > 
> > void foo(void)
> > {
> >   char foo[5];
> > 
> >   strcpy(foo, "doesn't fit");
> > }
> > 
> > ---
> > 
> > This would find all instances of a constant src array into non-pointer dst:
> > 
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> > 
> > *   strcpy(dest, src)
> > 
> > ---
> > 
> > Is there a mechanism like:
> > 
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> > 
> > when (some cocci grammar testing length(dest) < length(src))
> > *   strcpy(dest, src)
> 
> You can match the size and the string, and then use python or ocaml code
> to do the needed comparisons.

Pardon the question, but how do you determine the size?

> Does it occur often enough that the string
> is explicit in the call to make it worth it?

The idea is just to find defects/buffer overruns.


___
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci


[Cocci] Coccinelle: Length/Size of char array?

2021-08-02 Thread Joe Perches
Is it possible to determine the length of a matched char array and use
the length in a test?

For instance, add something like a test to show only the instances
where a src buffer overruns a dest buffer.

void foo(void)
{
  char foo[5];

  strcpy(foo, "fits");
}

it would be useful to see only the instances where the dest
buffer would be overrun like:

void foo(void)
{
  char foo[5];

  strcpy(foo, "doesn't fit");
}

---

This would find all instances of a constant src array into non-pointer dst:

@@
char [] dest;
constant char [] src;
@@

*   strcpy(dest, src)

---

Is there a mechanism like:

@@
char [] dest;
constant char [] src;
@@

when (some cocci grammar testing length(dest) < length(src))
*   strcpy(dest, src)




Re: [Cocci] Coccinelle: Length/Size of char array?

2021-08-02 Thread Julia Lawall



On Mon, 2 Aug 2021, Joe Perches wrote:

> On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
> >
> > On Mon, 2 Aug 2021, Joe Perches wrote:
> >
> > > Is it possible to determine the length of a matched char array and use
> > > the length in a test?
> > >
> > > For instance, add something like a test to show only the instances
> > > where a src buffer overruns a dest buffer.
> > >
> > > void foo(void)
> > > {
> > >   char foo[5];
> > >
> > >   strcpy(foo, "fits");
> > > }
> > >
> > > it would be useful to see only the instances where the dest
> > > buffer would be overrun like:
> > >
> > > void foo(void)
> > > {
> > >   char foo[5];
> > >
> > >   strcpy(foo, "doesn't fit");
> > > }
> > >
> > > ---
> > >
> > > This would find all instances of a constant src array into non-pointer 
> > > dst:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > * strcpy(dest, src)
> > >
> > > ---
> > >
> > > Is there a mechanism like:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > >   when (some cocci grammar testing length(dest) < length(src))
> > > * strcpy(dest, src)
> >
> > You can match the size and the string, and then use python or ocaml code
> > to do the needed comparisons.
>
> Pardon the question, but how do you determine the size?

In the case of a local variable, you can do:

@r@
constant int n;
identifier i;
constant char [] c;
position p1,p2;
@@

char i@p1[n];
... when exists
strcpy@p2(i,c);

@script:ocaml@
p1 << r.p1;
p2 << r.p2;
n << r.n;
c << r.c;
@@

(* n and c are bound as strings in the script, so n is converted to an int *)
if int_of_string n < String.length c
then ...

A similar script can be written in python.

If the array is allocated somewhere else, it would be more complicated.

julia

>
> > Does it occur often enough that the string
> > is explicit in the call to make it worth it?
>
> The idea is just to find defects/buffer overruns.
>
>
>
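
A Python version of the size comparison from the reply above, as an added example that is not part of the original message or of Coccinelle itself. It goes a little further than the OCaml sketch by counting the terminating NUL and C escape sequences; it assumes the script rule receives `n` and `c` as strings, with `c` carrying the literal's source text including its quotes, and the function names are hypothetical.

```python
import re

# Assumption: in a @script:python@ rule, n arrives as the array size text ("5")
# and c as the literal's source text with its quotes ('"fits"').
_ESCAPE = re.compile(r'\\(x[0-9A-Fa-f]+|[0-7]{1,3}|.)', re.S)

def _escape_to_marker(m):
    """Map one C escape sequence to a single placeholder byte, keeping NUL."""
    esc = m.group(1)
    if esc[0] == 'x' and len(esc) > 1:
        value = int(esc[1:], 16)
    elif esc[0] in '01234567':
        value = int(esc, 8)
    else:
        value = 1  # \n, \t, \\, \" and friends: one non-NUL byte
    return '\0' if value == 0 else 'X'

def strcpy_bytes(literal):
    """Bytes strcpy() writes for a "..." literal, terminator included, or None."""
    literal = literal.strip()
    if len(literal) < 2 or literal[0] != '"' or literal[-1] != '"':
        return None  # not a string literal (e.g. a macro name)
    body = _ESCAPE.sub(_escape_to_marker, literal[1:-1])
    if '"' in body:
        return None  # adjacent literals ("a" "b"): not handled here
    body = body.split('\0', 1)[0]          # strcpy stops at an embedded NUL
    return len(body.encode('utf-8')) + 1   # assumes UTF-8 source; +1 for NUL

def strcpy_overflows(n, c):
    """True when copying literal c into char[n] writes past the array."""
    try:
        size = int(n, 0)
    except ValueError:
        return False  # size is not a plain number; cannot decide
    need = strcpy_bytes(c)
    return need is not None and need > size

# Constructed samples, taken from the two functions in the thread.
# In the script rule one would call, for example:
#   if strcpy_overflows(n, c):
#       coccilib.report.print_report(p2[0], "strcpy overruns destination")
if __name__ == "__main__":
    for n, c in [("5", '"fits"'), ("5", '"doesn\'t fit"')]:
        print(n, c, strcpy_overflows(n, c))
```
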


Re: [Cocci] Coccinelle: Length/Size of char array?

2021-08-02 Thread Julia Lawall



On Mon, 2 Aug 2021, Joe Perches wrote:

> Is it possible to determine the length of a matched char array and use
> the length in a test?
>
> For instance, add something like a test to show only the instances
> where a src buffer overruns a dest buffer.
>
> void foo(void)
> {
>   char foo[5];
>
>   strcpy(foo, "fits");
> }
>
> it would be useful to see only the instances where the dest
> buffer would be overrun like:
>
> void foo(void)
> {
>   char foo[5];
>
>   strcpy(foo, "doesn't fit");
> }
>
> ---
>
> This would find all instances of a constant src array into non-pointer dst:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> * strcpy(dest, src)
>
> ---
>
> Is there a mechanism like:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
>   when (some cocci grammar testing length(dest) < length(src))
> * strcpy(dest, src)

You can match the size and the string, and then use python or ocaml code
to do the needed comparisons.  Does it occur often enough that the string
is explicit in the call to make it worth it?

julia