cocci.inria.fr archive mirror
* [Cocci] Coccinelle: Length/Size of char array?
@ 2021-08-02 17:00 Joe Perches
  2021-08-02 17:35 ` Julia Lawall
  0 siblings, 1 reply; 4+ messages in thread
From: Joe Perches @ 2021-08-02 17:00 UTC (permalink / raw)
  To: cocci

Is it possible to determine the length of a matched char array and use
the length in a test?

For instance, add something like a test to show only the instances
where a src buffer overruns a dest buffer.

void foo(void)
{
	char foo[5];

	strcpy(foo, "fits");
}

it would be useful to see only the instances where the dest
buffer would be overrun like:

void foo(void)
{
	char foo[5];

	strcpy(foo, "doesn't fit");
}

---

This would find all instances of a constant src array into non-pointer dst:

@@
char [] dest;
constant char [] src;
@@

*	strcpy(dest, src)

---

Is there a mechanism like:

@@
char [] dest;
constant char [] src;
@@

	when (some cocci grammar testing length(dest) < length(src))
*	strcpy(dest, src)


_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci


* Re: [Cocci] Coccinelle: Length/Size of char array?
  2021-08-02 17:00 [Cocci] Coccinelle: Length/Size of char array? Joe Perches
@ 2021-08-02 17:35 ` Julia Lawall
  2021-08-02 17:43   ` Joe Perches
  0 siblings, 1 reply; 4+ messages in thread
From: Julia Lawall @ 2021-08-02 17:35 UTC (permalink / raw)
  To: Joe Perches; +Cc: cocci



On Mon, 2 Aug 2021, Joe Perches wrote:

> Is it possible to determine the length of a matched char array and use
> the length in a test?
>
> For instance, add something like a test to show only the instances
> where a src buffer overruns a dest buffer.
>
> void foo(void)
> {
> 	char foo[5];
>
> 	strcpy(foo, "fits");
> }
>
> it would be useful to see only the instances where the dest
> buffer would be overrun like:
>
> void foo(void)
> {
> 	char foo[5];
>
> 	strcpy(foo, "doesn't fit");
> }
>
> ---
>
> This would find all instances of a constant src array into non-pointer dst:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> *	strcpy(dest, src)
>
> ---
>
> Is there a mechanism like:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> 	when (some cocci grammar testing length(dest) < length(src))
> *	strcpy(dest, src)

You can match the size and the string, and then use python or ocaml code
to do the needed comparisons.  Does it occur often enough that the string
is explicit in the call to make it worth it?

julia

* Re: [Cocci] Coccinelle: Length/Size of char array?
  2021-08-02 17:35 ` Julia Lawall
@ 2021-08-02 17:43   ` Joe Perches
  2021-08-02 18:05     ` Julia Lawall
  0 siblings, 1 reply; 4+ messages in thread
From: Joe Perches @ 2021-08-02 17:43 UTC (permalink / raw)
  To: Julia Lawall; +Cc: cocci

On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
> 
> On Mon, 2 Aug 2021, Joe Perches wrote:
> 
> > Is it possible to determine the length of a matched char array and use
> > the length in a test?
> > 
> > For instance, add something like a test to show only the instances
> > where a src buffer overruns a dest buffer.
> > 
> > void foo(void)
> > {
> > 	char foo[5];
> > 
> > 	strcpy(foo, "fits");
> > }
> > 
> > it would be useful to see only the instances where the dest
> > buffer would be overrun like:
> > 
> > void foo(void)
> > {
> > 	char foo[5];
> > 
> > 	strcpy(foo, "doesn't fit");
> > }
> > 
> > ---
> > 
> > This would find all instances of a constant src array into non-pointer dst:
> > 
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> > 
> > *	strcpy(dest, src)
> > 
> > ---
> > 
> > Is there a mechanism like:
> > 
> > @@
> > char [] dest;
> > constant char [] src;
> > @@
> > 
> > 	when (some cocci grammar testing length(dest) < length(src))
> > *	strcpy(dest, src)
> 
> You can match the size and the string, and then use python or ocaml code
> to do the needed comparisons.

Pardon the question, but how do you determine the size?

> Does it occur often enough that the string
> is explicit in the call to make it worth it?

The idea is just to find defects/buffer overruns.



* Re: [Cocci] Coccinelle: Length/Size of char array?
  2021-08-02 17:43   ` Joe Perches
@ 2021-08-02 18:05     ` Julia Lawall
  0 siblings, 0 replies; 4+ messages in thread
From: Julia Lawall @ 2021-08-02 18:05 UTC (permalink / raw)
  To: Joe Perches; +Cc: cocci



On Mon, 2 Aug 2021, Joe Perches wrote:

> On Mon, 2021-08-02 at 19:35 +0200, Julia Lawall wrote:
> >
> > On Mon, 2 Aug 2021, Joe Perches wrote:
> >
> > > Is it possible to determine the length of a matched char array and use
> > > the length in a test?
> > >
> > > For instance, add something like a test to show only the instances
> > > where a src buffer overruns a dest buffer.
> > >
> > > void foo(void)
> > > {
> > > 	char foo[5];
> > >
> > > 	strcpy(foo, "fits");
> > > }
> > >
> > > it would be useful to see only the instances where the dest
> > > buffer would be overrun like:
> > >
> > > void foo(void)
> > > {
> > > 	char foo[5];
> > >
> > > 	strcpy(foo, "doesn't fit");
> > > }
> > >
> > > ---
> > >
> > > This would find all instances of a constant src array into non-pointer dst:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > *	strcpy(dest, src)
> > >
> > > ---
> > >
> > > Is there a mechanism like:
> > >
> > > @@
> > > char [] dest;
> > > constant char [] src;
> > > @@
> > >
> > > 	when (some cocci grammar testing length(dest) < length(src))
> > > *	strcpy(dest, src)
> >
> > You can match the size and the string, and then use python or ocaml code
> > to do the needed comparisons.
>
> Pardon the question, but how do you determine the size?

In the case of a local variable, you can do:

@r@
constant int n;
identifier i;
constant char [] c;
position p1,p2;
@@

char i@p1[n];
... when exists
strcpy@p2(i,c);

@script:ocaml@
p1 << r.p1;
p2 << r.p2;
n << r.n;
c << r.c;
@@

(* n reaches the script as a string, so convert it before comparing *)
if int_of_string n < String.length c
then ...

A similar script can be written in python.

If the array is allocated somewhere else, it would be more complicated.

julia

>
> > Does it occur often enough that the string
> > is explicit in the call to make it worth it?
>
> The idea is just to find defects/buffer overruns.
>
>
>
end of thread, other threads:[~2021-08-02 23:40 UTC | newest]
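
The size comparison for the Python variant mentioned in the last reply, as an added example that is not part of the thread or of Coccinelle itself. It assumes the script receives `n` and `c` as source text, with `c` still carrying its quotes and unprocessed escapes; `c_string_size` and `overruns` are hypothetical helper names.

```python
import re

# One C string literal as source text, quotes included (assumed script input).
_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
# One encoded character: hex escape, octal escape, simple escape, or plain char.
_CHAR = re.compile(r'\\x[0-9a-fA-F]+|\\[0-7]{1,3}|\\.|[^\\]')


def c_string_size(src):
    """Bytes the literal occupies in memory, terminating NUL included.

    Adjacent literals ("ab" "cd") are concatenated, as the C compiler does.
    Returns None for anything that is not a plain, unprefixed string literal.
    \\u and \\U universal character names are not handled.
    """
    pieces = _LITERAL.findall(src)
    if not pieces or _LITERAL.sub("", src).strip():
        return None
    total = 0
    for body in pieces:
        for tok in _CHAR.findall(body):
            # An escape yields one byte; a plain char yields its UTF-8 length.
            total += 1 if tok.startswith("\\") else len(tok.encode("utf-8"))
    return total + 1


def overruns(n, c):
    """True when strcpy of literal c into char[n] writes past the array."""
    try:
        size = int(n, 0)  # metavariables arrive as strings; base 0 accepts 0x10
    except ValueError:
        return False      # size is a macro or expression: cannot decide here
    need = c_string_size(c)
    return need is not None and need > size


# Wiring into rule r from the reply (assumed, mirrors the OCaml script), with
# the helpers above defined in an @initialize:python@ block:
#   @script:python@
#   p2 << r.p2;
#   n << r.n;
#   c << r.c;
#   @@
#   if overruns(n, c):
#       coccilib.report.print_report(p2[0], "strcpy overruns destination")
```

The comparison counts the terminating NUL, so `"fits"` in `char foo[5]` is not reported while `"doesn't fit"` is.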
