Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to detect missed overlow checks

[Julia Lawall]

On Wed, 17 Jun 2020, Kees Cook wrote:

> On Mon, Jun 15, 2020 at 01:20:45PM +0300, Denis Efremov wrote:
> > +@as@
> > +expression E1, E2;
> > +@@
> > +
> > +array_size(E1, E2)
>
> BTW, is there a way yet in Coccinelle to match a fully qualified (?)
> identifier? For example, if I have two lines in C:
>
> A)
> 	array_size(variable, 5);
> B)
> 	array_size(instance->member.size, 5);
> C)
> 	array_size(instance->member.size + 1, 5);
> D)
> 	array_size(function_call(variable), 5);
>
>
> This matches A, B, C, and D:
>
> @@
> expression ARG1;
> expression ARG2;
> @@
>
> array_size(ARG1, ARG2);
>
>
> This matches only A:
>
> @@
> identifier ARG1;
> expression ARG2;
> @@
>
> array_size(ARG1, ARG2);
>
>
> How do I get something to match A and B but not C and D (i.e. I do not
> want to match any operations, function calls, etc, only a variable,
> which may be identified through dereference, array index, or struct
> member access.)

\(i\|e.fld\|e->fld\)

would probably do what you want.  It will also match cases where e is a
function/macr call, but that is unlikely.

If you want a single metavariable that contains the whole thing, you can
have an expression metavariable E and then write:

\(\(i\|e.fld\|e->fld\) \& E\)

julia



>
>
> --
> Kees Cook
> _______________________________________________
> Cocci mailing list
> Cocci@xxxxxxxxxxxxxxx
> https://systeme.lip6.fr/mailman/listinfo/cocci
>