On Sun, Dec 09, 2018 at 02:53:09PM -0700, Tycho Andersen wrote:
> > * add a new annotation to force sparse to check the byte count
> >   (I'm thinking about __range__/OP_RANGE or something similar).
>
> Yes, I was playing around with inventing some check like this without
> the need for an annotation. It's not clear to me if it's going to work
> or not yet, though :). Top two patches here are what I was playing
> with:
>
> https://github.com/tych0/sparse/commits/check-as-infoleaks

[I've trimmed the CC, just keeping sparse's mailing list]

Don't hesitate to post them on sparse's mailing list, please.

I've just taken a quick look and I noticed that for:

+static void check_copy_size(struct instruction *insn)
+{
+	pseudo_t size = argument(insn, 3);
+	pseudo_t src = argument(insn, 2);
+	long long src_actual;
+	long long size_actual = LLONG_MAX;
+
+	/* Find the size of *src, if we can. */
+	switch (src->type) {
+	case PSEUDO_SYM: {
+		struct symbol *base = src->sym->ctype.base_type;
+
+		if (!base)
+			return;
+
+		src_actual = base->bit_size / 8;

There is a bits_to_bytes() for this.

+		break;
+	}
+	default:
+		warning(insn->pos, "huh? copy to user src not a pseudo_sym? %d", src->type);
+		return;

If called on:

	struct foo {
		int bar;
		int fred;
	};
	struct foo f;

	copy_to_user(.., &f.fred, ...)

Then src is not a PSEUDO_SYM (it should be a PSEUDO_REG equal to a
PSEUDO_SYM plus fred's offset).

> > * do these checks before functions are inlined (but then some
> >   constant count could not yet be seen as constant).
>
> Yeah, I guess I was wondering if there was some more clever location
> in sparse itself we could move these to.

No :(

-- Luc
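Review bot: the `default:` branch of `switch (src->type)` warns and bails out for every copy_to_user whose source is not a bare symbol, which includes the `&f.fred` case above and any pointer that only exists in a register, so the check is noisiest exactly where the byte count is most likely to be wrong; handle PSEUDO_REG by walking it back to a PSEUDO_SYM plus constant offset and subtracting that offset from the object size, and return quietly for anything else rather than emitting the "huh?" warning. In the PSEUDO_SYM branch, `src_actual = base->bit_size / 8;` should use `bits_to_bytes()`, and a negative `bit_size` (incomplete type) needs an early return next to the `if (!base)` check so a negative `src_actual` never reaches the comparison.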
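The size computation Luc describes for `&f.fred` (src as a PSEUDO_REG equal to a PSEUDO_SYM plus the member's offset), worked through as an added toy example. This is not sparse's code and not Tycho's patch: the `pseudo` and `symbol` structs, `bytes_from()` and the `verdict` values are a hypothetical model, and `bits_to_bytes()` here is a stand-in for the sparse helper Luc mentions. It goes a little beyond the thread by following a chain of constant offsets and by treating a non-constant count, an unknown register, or an incomplete type as "unknown" instead of warning.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Toy model of the copy_to_user size check discussed above.
 * These types are a hypothetical stand-in, not sparse's pseudo_t or
 * struct symbol.
 */
enum pseudo_type { PSEUDO_VAL, PSEUDO_SYM, PSEUDO_REG };

struct symbol {
	const char *name;
	long bit_size;			/* object size in bits; negative = incomplete */
};

struct pseudo {
	enum pseudo_type type;
	long long value;		/* PSEUDO_VAL: the constant */
	const struct symbol *sym;	/* PSEUDO_SYM: address of this object */
	const struct pseudo *base;	/* PSEUDO_REG: address it was computed from, or NULL */
	long long offset;		/* PSEUDO_REG: constant byte offset added to base */
};

enum verdict { COPY_OK, COPY_OVERREAD, COPY_UNKNOWN };

/* Stand-in for the sparse helper Luc mentions (name and semantics assumed). */
static long long bits_to_bytes(long bits)
{
	return bits / 8;
}

/*
 * Bytes readable from 'src' up to the end of the object it points into,
 * or -1 if that cannot be determined. A PSEUDO_REG that is SYM + constant
 * (e.g. &f.fred) is followed back to the SYM, accumulating the offset.
 */
static long long bytes_from(const struct pseudo *src)
{
	long long off = 0;
	long long total;

	while (src->type == PSEUDO_REG) {
		if (!src->base)
			return -1;	/* runtime-computed address: nothing to say */
		off += src->offset;
		src = src->base;
	}
	if (src->type != PSEUDO_SYM || !src->sym || src->sym->bit_size < 0)
		return -1;	/* not a known object, or an incomplete type */

	total = bits_to_bytes(src->sym->bit_size);
	if (off < 0 || off > total)
		return -1;	/* points outside the object; leave it alone */
	return total - off;
}

/* Compare a constant byte count against what 'src' can actually supply. */
static enum verdict check_copy_size(const struct pseudo *src, const struct pseudo *size)
{
	long long avail;

	if (size->type != PSEUDO_VAL)
		return COPY_UNKNOWN;	/* non-constant count */
	avail = bytes_from(src);
	if (avail < 0)
		return COPY_UNKNOWN;
	return size->value > avail ? COPY_OVERREAD : COPY_OK;
}

/* Constructed input: struct foo { int bar; int fred; } f;  8 bytes, fred at 4. */
static const struct symbol sym_f  = { "f", 64 };
static const struct pseudo p_f    = { PSEUDO_SYM, 0, &sym_f, NULL, 0 };	/* &f */
static const struct pseudo p_fred = { PSEUDO_REG, 0, NULL, &p_f, 4 };	/* &f.fred */
static const struct pseudo p_reg  = { PSEUDO_REG, 0, NULL, NULL, 0 };	/* some %rN */
static const struct pseudo p_4    = { PSEUDO_VAL, 4, NULL, NULL, 0 };
static const struct pseudo p_8    = { PSEUDO_VAL, 8, NULL, NULL, 0 };

int main(void)
{
	printf("copy 4 from &f.fred: %d\n", check_copy_size(&p_fred, &p_4));	/* COPY_OK */
	printf("copy 8 from &f.fred: %d\n", check_copy_size(&p_fred, &p_8));	/* COPY_OVERREAD */
	printf("copy 8 from &f:      %d\n", check_copy_size(&p_f, &p_8));	/* COPY_OK */
	printf("copy 4 from %%reg:    %d\n", check_copy_size(&p_reg, &p_4));	/* COPY_UNKNOWN */
	return 0;
}
```

The second call is the classic mistake the check is after: `copy_to_user(to, &f.fred, sizeof(f))`, which reads four bytes past the end of `f`. Rather than warning on every non-SYM source, the model only reports when it can follow the address back to an object of known size.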