Re: [Cocci] Coccinelle: Length/Size of char array?
On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
>
> On Mon, 2 Aug 2021, Joe Perches wrote:
>
> > Is it possible to determine the length of a matched char array and use
> > the length in a test?
> >
> > For instance, add something like a test to show only the instances
> > where a src buffer overruns a dest buffer.
> >
> > void foo(void)
> > {
> >     char foo[5];
> >
> >     strcpy(foo, "fits");
> > }
> >
> > it would be useful to see only the instances where the dest
> > buffer would be overrun like:
> >
> > void foo(void)
> > {
> >     char foo[5];
> >
> >     strcpy(foo, "doesn't fit");
> > }
> >
> > ---
> >
> > This would find all instances of a constant src array into non-pointer dst:
> >
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> >
> > * strcpy(dest, src)
> >
> > ---
> >
> > Is there a mechanism like:
> >
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> >
> > when (some cocci grammar testing length(dest) < length(src))
> > * strcpy(dest, src)
>
> You can match the size and the string, and then use python or ocaml code
> to do the needed comparisons.

Pardon the question, but how do you determine the size?

> Does it occur often enough that the string
> is explicit in the call to make it worth it?

The idea is just to find defects/buffer overruns.

___
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
[Cocci] Coccinelle: Length/Size of char array?
Is it possible to determine the length of a matched char array and use
the length in a test?

For instance, add something like a test to show only the instances
where a src buffer overruns a dest buffer.

void foo(void)
{
    char foo[5];

    strcpy(foo, "fits");
}

it would be useful to see only the instances where the dest
buffer would be overrun like:

void foo(void)
{
    char foo[5];

    strcpy(foo, "doesn't fit");
}

---

This would find all instances of a constant src array into non-pointer dst:

@@
char [] dest;
constant char [] src;
@@

* strcpy(dest, src)

---

Is there a mechanism like:

@@
char [] dest;
constant char [] src;
@@

when (some cocci grammar testing length(dest) < length(src))
* strcpy(dest, src)
Re: [Cocci] Coccinelle: Length/Size of char array?
On Mon, 2 Aug 2021, Joe Perches wrote:

> On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
> >
> > On Mon, 2 Aug 2021, Joe Perches wrote:
> >
> > > Is it possible to determine the length of a matched char array and use
> > > the length in a test?
> > >
> > > For instance, add something like a test to show only the instances
> > > where a src buffer overruns a dest buffer.
> > >
> > > void foo(void)
> > > {
> > >     char foo[5];
> > >
> > >     strcpy(foo, "fits");
> > > }
> > >
> > > it would be useful to see only the instances where the dest
> > > buffer would be overrun like:
> > >
> > > void foo(void)
> > > {
> > >     char foo[5];
> > >
> > >     strcpy(foo, "doesn't fit");
> > > }
> > >
> > > ---
> > >
> > > This would find all instances of a constant src array into non-pointer
> > > dst:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > * strcpy(dest, src)
> > >
> > > ---
> > >
> > > Is there a mechanism like:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > when (some cocci grammar testing length(dest) < length(src))
> > > * strcpy(dest, src)
> >
> > You can match the size and the string, and then use python or ocaml code
> > to do the needed comparisons.
>
> Pardon the question, but how do you determine the size?

In the case of a local variable, you can do:

@r@
constant int n;
identifier i;
constant char [] c;
position p1,p2;
@@

char i@p1[n];
... when exists
strcpy@p2(i,c);

@script:ocaml@
p1 << r.p1;
p2 << r.p2;
n << r.n;
c << r.c;
@@

if int_of_string n < String.length c
then ...

A similar script can be written in python.

If the array is allocated somewhere else, it would be more complicated.

julia

>
> > Does it occur often enough that the string
> > is explicit in the call to make it worth it?
>
> The idea is just to find defects/buffer overruns.
>
>
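The size comparison discussed in this thread, sketched in Python as an added example that is not part of any message above and is not Coccinelle's own code. It assumes the array size and the string literal reach the script as C source text (quotes and escape sequences included), so it counts the bytes the literal actually occupies rather than the length of its text; the function names are hypothetical.

```python
import re

# One quoted C string literal; the compiler concatenates adjacent ones ("ab" "cd").
_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)
# One escape sequence (octal, hex, or single-character) or one ordinary character.
_TOK = re.compile(r'\\(?:[0-7]{1,3}|x[0-9A-Fa-f]+|.)|[^\\]', re.S)
# Decimal, octal or hex integer constant with optional u/l suffixes.
_INT = re.compile(r'(0[xX][0-9A-Fa-f]+|0[0-7]*|[1-9][0-9]*)[uUlL]*')

def literal_storage_size(src_text):
    """sizeof the literal given as C source text, NUL included: the bytes
    strcpy() writes when the literal has no embedded \\0. Returns None when
    src_text is not a plain narrow string literal."""
    pieces = _LIT.findall(src_text)
    if not pieces or _LIT.sub('', src_text).strip():
        return None                      # e.g. L"wide", a macro name, an expression
    size = 1                             # terminating NUL
    for body in pieces:
        for tok in _TOK.findall(body):
            if tok in ('\\u', '\\U'):
                return None              # universal character name: charset-dependent
            size += 1 if tok[0] == '\\' else len(tok.encode('utf-8'))
    return size

def parse_c_int(text):
    """Value of an integer constant as written in C, or None (e.g. a macro name)."""
    m = _INT.fullmatch(text.strip())
    if not m:
        return None
    digits = m.group(1)
    if digits[:2].lower() == '0x':
        return int(digits, 16)
    return int(digits, 8) if digits[0] == '0' else int(digits)

def overruns(array_len_text, src_text):
    """True/False when decidable, None when either operand is not a literal constant."""
    n, need = parse_c_int(array_len_text), literal_storage_size(src_text)
    if n is None or need is None:
        return None
    return need > n

if __name__ == '__main__':
    # Constructed (array size, source literal) pairs, as the metavariables' text.
    samples = [('5', '"fits"'), ('5', '"doesn\'t fit"'), ('4', r'"a\n\x41"'), ('BUFSZ', '"x"')]
    for n, c in samples:
        print(f'char dest[{n}]; strcpy(dest, {c}); -> overrun={overruns(n, c)}')
```

The third sample is the case a raw text-length comparison gets wrong: the literal is ten characters of source but occupies four bytes, so it fits a four-byte array.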
Re: [Cocci] Coccinelle: Length/Size of char array?
On Mon, 2 Aug 2021, Joe Perches wrote:

> Is it possible to determine the length of a matched char array and use
> the length in a test?
>
> For instance, add something like a test to show only the instances
> where a src buffer overruns a dest buffer.
>
> void foo(void)
> {
>     char foo[5];
>
>     strcpy(foo, "fits");
> }
>
> it would be useful to see only the instances where the dest
> buffer would be overrun like:
>
> void foo(void)
> {
>     char foo[5];
>
>     strcpy(foo, "doesn't fit");
> }
>
> ---
>
> This would find all instances of a constant src array into non-pointer dst:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> * strcpy(dest, src)
>
> ---
>
> Is there a mechanism like:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> when (some cocci grammar testing length(dest) < length(src))
> * strcpy(dest, src)

You can match the size and the string, and then use python or ocaml code
to do the needed comparisons. Does it occur often enough that the string
is explicit in the call to make it worth it?

julia