On Mon, 2 Aug 2021, Joe Perches wrote:
> Is it possible to determine the length of a matched char array and use
> the length in a test?
>
> For instance, add something like a test to show only the instances
> where a src buffer overruns a dest buffer.
>
> void foo(void)
> {
> char foo[5];
>
> strcpy(foo, "fits");
> }
>
> it would be useful to see only the instances where the dest
> buffer would be overrun like:
>
> void foo(void)
> {
> char foo[5];
>
> strcpy(foo, "doesn't fit");
> }
>
> ---
>
> This would find all instances of a constant src array into non-pointer dst:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> * strcpy(dest, src)
>
> ---
>
> Is there a mexhanism like:
>
> @@
> char [] dest;
> constant char [] src;
> @@
>
> when (some cocci grammar testing length(dest) < length(src))
> * strcpy(dest, src)
You can match the size and the string, and then use python or ocaml code
to do the needed comparisons. Does it occur often enough that the string
is explicit in the call to make it worth it?
julia
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
