diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2023-10-08 18:43:16 -0400 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2023-10-08 18:43:16 -0400 |
| commit | b365e9d57ad445c5491737e230bc94213a139de7 (patch) | |
| tree | 3d3f2f38ed3e878438e343ed0c8d6037e55c2b86 /libcpp/include | |
| parent | 1f68a3e8727f36da80be8fe1c67ed6a4d9a568d9 (diff) | |
| download | gcc-b365e9d57ad445c5491737e230bc94213a139de7.zip gcc-b365e9d57ad445c5491737e230bc94213a139de7.tar.gz gcc-b365e9d57ad445c5491737e230bc94213a139de7.tar.bz2 | |
analyzer: improvements to out-of-bounds diagrams [PR111155]
Update out-of-bounds diagrams to show existing string values,
and the initial write index within a string buffer.
For example, given the out-of-bounds write in strcat in:
void test (void)
{
char buf[10];
strcpy (buf, "hello");
strcat (buf, " world!");
}
the diagram improves from:
┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐
│ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤
│ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤
│ string literal (type: 'char[8]') │
└─────────────────────────────────────────────┘
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
v v v v v v v v
┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐
│ [0] │ ... │[9] ││ │
├─────┴────────────────────────────────────────┴────┤│after valid range│
│ 'buf' (type: 'char[10]') ││ │
└───────────────────────────────────────────────────┘└─────────────────┘
├─────────────────────────┬─────────────────────────┤├────────┬────────┤
│ │
╭─────────┴────────╮ ╭─────────┴─────────╮
│capacity: 10 bytes│ │overflow of 3 bytes│
╰──────────────────╯ ╰───────────────────╯
to:
┌────┬────┬────┬────┬────┐┌─────┬─────┬─────┐
│[0] │[1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
├────┼────┼────┼────┼────┤├─────┼─────┼─────┤
│' ' │'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
├────┴────┴────┴────┴────┴┴─────┴─────┴─────┤
│ string literal (type: 'char[8]') │
└───────────────────────────────────────────┘
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
v v v v v v v v
┌─────┬────────────────────┬────┬──────────────┬────┐┌─────────────────┐
│ [0] │ ... │[5] │ ... │[9] ││ │
├─────┼────┬────┬────┬────┬┼────┼──────────────┴────┘│ │
│ 'h' │'e' │'l' │'l' │'o' ││NUL │ │after valid range│
├─────┴────┴────┴────┴────┴┴────┴───────────────────┐│ │
│ 'buf' (type: 'char[10]') ││ │
└───────────────────────────────────────────────────┘└─────────────────┘
├─────────────────────────┬─────────────────────────┤├────────┬────────┤
│ │
╭─────────┴────────╮ ╭─────────┴─────────╮
│capacity: 10 bytes│ │overflow of 3 bytes│
╰──────────────────╯ ╰───────────────────╯
gcc/analyzer/ChangeLog:
PR analyzer/111155
* access-diagram.cc (boundaries::boundaries): Add logger param
(boundaries::add): Add logging.
(boundaries::get_hard_boundaries_in_range): New.
(boundaries::m_logger): New field.
(boundaries::get_table_x_for_offset): Make public.
(class svalue_spatial_item): New.
(class compound_svalue_spatial_item): New.
(add_ellipsis_to_gaps): New.
(valid_region_spatial_item::valid_region_spatial_item): Add theme
param. Initialize m_boundaries, m_existing_sval, and
m_existing_sval_spatial_item.
(valid_region_spatial_item::add_boundaries): Set m_boundaries.
Add boundaries for any m_existing_sval_spatial_item.
(valid_region_spatial_item::add_array_elements_to_table): Rewrite
creation of min/max index in terms of
maybe_add_array_index_to_table. Rewrite ellipsis code using
add_ellipsis_to_gaps. Add index values for any hard boundaries
within the valid region.
(valid_region_spatial_item::maybe_add_array_index_to_table): New,
based on code formerly in add_array_elements_to_table.
(valid_region_spatial_item::make_table): Make use of
m_existing_sval_spatial_item, if any.
(valid_region_spatial_item::m_boundaries): New field.
(valid_region_spatial_item::m_existing_sval): New field.
(valid_region_spatial_item::m_existing_sval_spatial_item): New
field.
(class svalue_spatial_item): Rename to...
(class written_svalue_spatial_item): ...this.
(class string_region_spatial_item): Rename to..
(class string_literal_spatial_item): ...this. Add "kind".
(string_literal_spatial_item::add_boundaries): Use m_kind to
determine kind of boundary. Update for renaming of m_actual_bits
to m_bits.
(string_literal_spatial_item::make_table): Likewise. Support not
displaying a row for byte indexes, and not displaying a row for
the type.
(string_literal_spatial_item::add_column_for_byte): Make byte index
row optional.
(svalue_spatial_item::make): Convert to...
(make_written_svalue_spatial_item): ...this.
(make_existing_svalue_spatial_item): New.
(access_diagram_impl::access_diagram_impl): Pass theme to
m_valid_region_spatial_item ctor. Update for renaming of
m_svalue_spatial_item.
(access_diagram_impl::find_boundaries): Pass logger to boundaries.
Update for renaming of...
(access_diagram_impl::m_svalue_spatial_item): Rename to...
(access_diagram_impl::m_written_svalue_spatial_item): ...this.
gcc/testsuite/ChangeLog:
PR analyzer/111155
* c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test.
* c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected
result to show the existing content of "buf" and the index at
which the write starts.
* gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected
output.
gcc/ChangeLog:
PR analyzer/111155
* text-art/table.cc (table::maybe_set_cell_span): New.
(table::add_other_table): New.
* text-art/table.h (class table::cell_placement): Add class table
as a friend.
(table::add_rows): New.
(table::add_row): Reimplement in terms of add_rows.
(table::maybe_set_cell_span): New decl.
(table::add_other_table): New decl.
* text-art/types.h (operator+): New operator for rect + coord.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'libcpp/include')
0 files changed, 0 insertions, 0 deletions