From: Denis Efremov <efremov@linux.com>
To: "Gustavo A. R. Silva" <garsilva@embeddedor.com>,
Kees Cook <keescook@chromium.org>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>,
cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org
Subject: Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks
Date: Wed, 17 Jun 2020 13:55:47 +0300 [thread overview]
Message-ID: <e34b7e26-6f07-19b6-39ad-e3bc939551fc@linux.com> (raw)
In-Reply-To: <4dd9c371-0c37-a4bb-e957-3848cb1a13ff@embeddedor.com>
>
> Awesome! I'll take a look into this. :)
>
Here is another script for your #83 ticket.
Currently, it issues 598 warnings.
// SPDX-License-Identifier: GPL-2.0-only
///
/// Check for missing overflow checks in allocation functions.
/// Low confidence because it's pointless to check for overflow
/// relatively small allocations.
///
// Confidence: Low
// Copyright: (C) 2020 Denis Efremov ISPRAS
// Options: --no-includes --include-headers
virtual patch
virtual context
virtual org
virtual report
@depends on patch@
expression E1, E2, E3, E4, size;
@@
(
- size = E1 * E2;
+ size = array_size(E1, E2);
|
- size = E1 * E2 * E3;
+ size = array3_size(E1, E2, E3);
|
- size = E1 * E2 + E3;
+ size = struct_size(E1, E2, E3);
)
... when != size = E4
when != size += E4
when != size -= E4
when != size *= E4
when != &size
\(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
vmalloc\|vzalloc\|vzalloc_node\|
kvmalloc\|kvzalloc\|kvzalloc_node\|
sock_kmalloc\|
f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
devm_kmalloc\|devm_kzalloc\)
(..., size, ...)
@r depends on !patch@
expression E1, E2, E3, E4, size;
position p;
@@
(
* size = E1 * E2;@p
|
* size = E1 * E2 * E3;@p
|
* size = E1 * E2 + E3;@p
)
... when != size = E4
when != size += E4
when != size -= E4
when != size *= E4
when != &size
* \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
vmalloc\|vzalloc\|vzalloc_node\|
kvmalloc\|kvzalloc\|kvzalloc_node\|
sock_kmalloc\|
f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
devm_kmalloc\|devm_kzalloc\)
(..., size, ...)
@script:python depends on report@
p << r.p;
@@
coccilib.report.print_report(p[0], "WARNING: missing overflow check")
@script:python depends on org@
p << r.p;
@@
coccilib.org.print_todo(p[0], "WARNING: missing overflow check")
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
WARNING: multiple messages have this Message-ID (diff)
From: Denis Efremov <efremov@linux.com>
To: "Gustavo A. R. Silva" <garsilva@embeddedor.com>,
Kees Cook <keescook@chromium.org>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>,
cocci@systeme.lip6.fr, linux-kernel@vger.kernel.org
Subject: Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks
Date: Wed, 17 Jun 2020 13:55:47 +0300 [thread overview]
Message-ID: <e34b7e26-6f07-19b6-39ad-e3bc939551fc@linux.com> (raw)
In-Reply-To: <4dd9c371-0c37-a4bb-e957-3848cb1a13ff@embeddedor.com>
>
> Awesome! I'll take a look into this. :)
>
Here is another script for your #83 ticket.
Currently, it issues 598 warnings.
// SPDX-License-Identifier: GPL-2.0-only
///
/// Check for missing overflow checks in allocation functions.
/// Low confidence because it's pointless to check for overflow
/// relatively small allocations.
///
// Confidence: Low
// Copyright: (C) 2020 Denis Efremov ISPRAS
// Options: --no-includes --include-headers
virtual patch
virtual context
virtual org
virtual report
@depends on patch@
expression E1, E2, E3, E4, size;
@@
(
- size = E1 * E2;
+ size = array_size(E1, E2);
|
- size = E1 * E2 * E3;
+ size = array3_size(E1, E2, E3);
|
- size = E1 * E2 + E3;
+ size = struct_size(E1, E2, E3);
)
... when != size = E4
when != size += E4
when != size -= E4
when != size *= E4
when != &size
\(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
vmalloc\|vzalloc\|vzalloc_node\|
kvmalloc\|kvzalloc\|kvzalloc_node\|
sock_kmalloc\|
f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
devm_kmalloc\|devm_kzalloc\)
(..., size, ...)
@r depends on !patch@
expression E1, E2, E3, E4, size;
position p;
@@
(
* size = E1 * E2;@p
|
* size = E1 * E2 * E3;@p
|
* size = E1 * E2 + E3;@p
)
... when != size = E4
when != size += E4
when != size -= E4
when != size *= E4
when != &size
* \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
vmalloc\|vzalloc\|vzalloc_node\|
kvmalloc\|kvzalloc\|kvzalloc_node\|
sock_kmalloc\|
f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
devm_kmalloc\|devm_kzalloc\)
(..., size, ...)
@script:python depends on report@
p << r.p;
@@
coccilib.report.print_report(p[0], "WARNING: missing overflow check")
@script:python depends on org@
p << r.p;
@@
coccilib.org.print_todo(p[0], "WARNING: missing overflow check")
next prev parent reply other threads:[~2020-06-17 10:56 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-15 10:20 [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks Denis Efremov
2020-06-15 10:20 ` Denis Efremov
2020-06-15 18:23 ` [Cocci] " Kees Cook
2020-06-15 18:23 ` Kees Cook
2020-06-15 18:35 ` [Cocci] " Denis Efremov
2020-06-15 18:35 ` Denis Efremov
2020-06-15 18:46 ` [Cocci] " Gustavo A. R. Silva
2020-06-15 18:46 ` Gustavo A. R. Silva
2020-06-17 9:32 ` Denis Efremov
2020-06-17 9:32 ` Denis Efremov
2020-06-17 10:55 ` Denis Efremov [this message]
2020-06-17 10:55 ` Denis Efremov
2020-06-17 20:08 ` Julia Lawall
2020-06-17 20:08 ` Julia Lawall
2020-06-17 20:15 ` Julia Lawall
2020-06-17 20:15 ` Julia Lawall
2020-06-17 18:15 ` Kees Cook
2020-06-17 18:15 ` Kees Cook
2020-06-17 18:54 ` [Cocci] " Julia Lawall
2020-06-17 18:54 ` Julia Lawall
2020-06-18 19:52 ` Kees Cook
2020-06-18 19:52 ` Kees Cook
2020-06-18 19:56 ` Julia Lawall
2020-06-18 19:56 ` Julia Lawall
2020-06-18 20:48 ` Kees Cook
2020-06-18 20:48 ` Kees Cook
2020-06-18 21:08 ` Julia Lawall
2020-06-18 21:08 ` Julia Lawall
2020-06-17 20:30 ` Julia Lawall
2020-06-17 20:30 ` Julia Lawall
2020-06-17 20:50 ` Denis Efremov
2020-06-17 20:50 ` Denis Efremov
2020-06-17 20:52 ` Julia Lawall
2020-06-17 20:52 ` Julia Lawall
2020-06-18 10:23 ` [Cocci] [PATCH v2] " Denis Efremov
2020-06-18 10:23 ` Denis Efremov
2020-06-19 13:13 ` [Cocci] [PATCH v3] coccinelle: misc: add array_size_dup script to detect missed overflow checks Denis Efremov
2020-06-19 13:13 ` Denis Efremov
2020-06-21 20:53 ` [Cocci] " Julia Lawall
2020-06-21 20:53 ` Julia Lawall
2020-06-21 20:56 ` Julia Lawall
2020-06-21 20:56 ` Julia Lawall
2020-06-22 12:12 ` Denis Efremov
2020-06-22 12:12 ` Denis Efremov
2020-06-22 12:16 ` Denis Efremov
2020-06-22 12:16 ` Denis Efremov
2020-06-22 12:19 ` Julia Lawall
2020-06-22 12:19 ` Julia Lawall
2020-06-22 22:10 ` [Cocci] [PATCH v4] " Denis Efremov
2020-06-22 22:10 ` Denis Efremov
2020-06-24 19:42 ` [Cocci] " Julia Lawall
2020-06-24 19:42 ` Julia Lawall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e34b7e26-6f07-19b6-39ad-e3bc939551fc@linux.com \
--to=efremov@linux.com \
--cc=Julia.Lawall@lip6.fr \
--cc=cocci@systeme.lip6.fr \
--cc=garsilva@embeddedor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.