lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.22.394.2006172051280.3083@hadrien>
Date:   Wed, 17 Jun 2020 20:54:03 +0200 (CEST)
From:   Julia Lawall <julia.lawall@...ia.fr>
To:     Kees Cook <keescook@...omium.org>
cc:     Julia Lawall <Julia.Lawall@...6.fr>, cocci@...teme.lip6.fr,
        linux-kernel@...r.kernel.org
Subject: Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to
 detect missed overlow checks



On Wed, 17 Jun 2020, Kees Cook wrote:

> On Mon, Jun 15, 2020 at 01:20:45PM +0300, Denis Efremov wrote:
> > +@as@
> > +expression E1, E2;
> > +@@
> > +
> > +array_size(E1, E2)
>
> BTW, is there a way yet in Coccinelle to match a fully qualified (?)
> identifier? For example, if I have two lines in C:
>
> A)
> 	array_size(variable, 5);
> B)
> 	array_size(instance->member.size, 5);
> C)
> 	array_size(instance->member.size + 1, 5);
> D)
> 	array_size(function_call(variable), 5);
>
>
> This matches A, B, C, and D:
>
> @@
> expression ARG1;
> expression ARG2;
> @@
>
> array_size(ARG1, ARG2);
>
>
> This matches only A:
>
> @@
> identifier ARG1;
> expression ARG2;
> @@
>
> array_size(ARG1, ARG2);
>
>
> How do I get something to match A and B but not C and D (i.e. I do not
> want to match any operations, function calls, etc, only a variable,
> which may be identified through dereference, array index, or struct
> member access.)

\(i\|e.fld\|e->fld\)

would probably do what you want.  It will also match cases where e is a
function/macr call, but that is unlikely.

If you want a single metavariable that contains the whole thing, you can
have an expression metavariable E and then write:

\(\(i\|e.fld\|e->fld\) \& E\)

julia



>
>
> --
> Kees Cook
> _______________________________________________
> Cocci mailing list
> Cocci@...teme.lip6.fr
> https://systeme.lip6.fr/mailman/listinfo/cocci
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ