| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <30a3a2b1-deef-4f3f-b7da-4164360190ed@web.de> Date: Sat, 5 Jul 2025 22:05:44 +0200 From: Markus Elfring <Markus.Elfring@....de> To: cocci@...ia.fr, kernel-janitors@...r.kernel.org, Julia Lawall <Julia.Lawall@...ia.fr>, Nicolas Palix <nicolas.palix@...g.fr> Cc: LKML <linux-kernel@...r.kernel.org> Subject: [PATCH] Coccinelle: misc: Add SmPL script “show_questionable_count_limit_checks.cocci” From: Markus Elfring <elfring@...rs.sourceforge.net> Date: Sat, 5 Jul 2025 21:46:23 +0200 Some known programming mistakes are repeated. See also: * https://lore.kernel.org/all/?q=%22Fix+off+by+one%22 * https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts Thus provide design options for the adjustment of affected source code also by the means of the semantic patch language (Coccinelle software). Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net> --- A parse check for the operation mode “report” provides the following hint. “… Grep query for …” It seems that such a key word tends to occur in a lot of source files. Thus this source code search pattern will probably trigger the demand for special computation resources. I became curious on corresponding collateral evolution. ...show_questionable_count_limit_checks.cocci | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 scripts/coccinelle/misc/show_questionable_count_limit_checks.cocci diff --git a/scripts/coccinelle/misc/show_questionable_count_limit_checks.cocci b/scripts/coccinelle/misc/show_questionable_count_limit_checks.cocci new file mode 100644 index 000000000000..d565e306711f --- /dev/null +++ b/scripts/coccinelle/misc/show_questionable_count_limit_checks.cocci @@ -0,0 +1,72 @@ +// SPDX-License-Identifier: GPL-2.0 +/// Reconsider questionable count limit checks. +// +// Keywords: detection programming mistakes +// Confidence: Medium +// Options: --no-includes --include-headers + +virtual context, patch, report, org + +@...ends on context@ +expression limit; +identifier i; +statement s; +@@ + for ( + <+... i = 0 ...+> ; +* i <= limit + ; + <+... +( i++ +| ++i +) ...+> + ) + s + +@...ends on patch disable gtr_lss_eq@ +expression limit; +identifier i; +statement s; +@@ + for ( + <+... i = 0 ...+> ; +( +- i <= limit ++ i < limit +| +- limit >= i ++ limit > i +) ; + <+... +( i++ +| ++i +) ...+> + ) + s + +@x depends on org || report@ +expression limit; +identifier i; +position p; +statement s; +@@ + for ( + <+... i = 0 ...+> ; + i <= limit + ;@p + <+... +( i++ +| ++i +) ...+> + ) + s + +@...ipt:python depends on org@ +p << x.p; +@@ +coccilib.org.print_todo(p[0], "WARNING: Reconsider questionable count limit check once more.") + +@...ipt:python depends on report@ +p << x.p; +@@ +coccilib.report.print_report(p[0], "WARNING: Reconsider questionable count limit check once more.") -- 2.50.0
Powered by blists - more mailing lists