e754948125
include/linux/overflow.h includes helper macros intended for calculating sizes of allocations. These macros prevent accidental overflow by saturating at SIZE_MAX. In general when calculating such sizes use of the macros is preferred. Add a semantic patch which can detect code patterns which can be replaced by struct_size. Note that I set the confidence to medium because this patch doesn't make an attempt to ensure that the relevant array is actually a flexible array. The struct_size macro does specifically require a flexible array. In many cases the detected code could be refactored to a flexible array, but this is not always possible (such as if there are multiple over-allocations). Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Link: https://lore.kernel.org/r/20230227202428.3657443-1-jacob.e.keller@intel.com Signed-off-by: Kees Cook <keescook@chromium.org>
75 lines
1.6 KiB
Plaintext
75 lines
1.6 KiB
Plaintext
// SPDX-License-Identifier: GPL-2.0-only
|
|
///
|
|
/// Check for code that could use struct_size().
|
|
///
|
|
// Confidence: Medium
|
|
// Author: Jacob Keller <jacob.e.keller@intel.com>
|
|
// Copyright: (C) 2023 Intel Corporation
|
|
// Options: --no-includes --include-headers
|
|
|
|
virtual patch
|
|
virtual context
|
|
virtual org
|
|
virtual report
|
|
|
|
// the overflow Kunit tests have some code which intentionally does not use
|
|
// the macros, so we want to ignore this code when reporting potential
|
|
// issues.
|
|
@overflow_tests@
|
|
identifier f = overflow_size_helpers_test;
|
|
@@
|
|
|
|
f
|
|
|
|
//----------------------------------------------------------
|
|
// For context mode
|
|
//----------------------------------------------------------
|
|
|
|
@depends on !overflow_tests && context@
|
|
expression E1, E2;
|
|
identifier m;
|
|
@@
|
|
(
|
|
* (sizeof(*E1) + (E2 * sizeof(*E1->m)))
|
|
)
|
|
|
|
//----------------------------------------------------------
|
|
// For patch mode
|
|
//----------------------------------------------------------
|
|
|
|
@depends on !overflow_tests && patch@
|
|
expression E1, E2;
|
|
identifier m;
|
|
@@
|
|
(
|
|
- (sizeof(*E1) + (E2 * sizeof(*E1->m)))
|
|
+ struct_size(E1, m, E2)
|
|
)
|
|
|
|
//----------------------------------------------------------
|
|
// For org and report mode
|
|
//----------------------------------------------------------
|
|
|
|
@r depends on !overflow_tests && (org || report)@
|
|
expression E1, E2;
|
|
identifier m;
|
|
position p;
|
|
@@
|
|
(
|
|
(sizeof(*E1)@p + (E2 * sizeof(*E1->m)))
|
|
)
|
|
|
|
@script:python depends on org@
|
|
p << r.p;
|
|
@@
|
|
|
|
coccilib.org.print_todo(p[0], "WARNING should use struct_size")
|
|
|
|
@script:python depends on report@
|
|
p << r.p;
|
|
@@
|
|
|
|
msg="WARNING: Use struct_size"
|
|
coccilib.report.print_report(p[0], msg)
|
|
|