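#!/usr/bin/perl

# Check for malloc calls not shortly followed by initialisation.
#
# Known limitations:
# - false negative: can't see allocations spanning more than one line
# - possible false negatives, see patterns
# - false positive: malloc-malloc-init-init is not accepted
# - false positives: "non-standard" init functions (eg, the thing being
#   initialised is not the first arg, or initialise struct members)
#
# Since false positives are expected, the results must be manually reviewed.
# Since false negatives are possible too, an empty report does not prove that
# every allocation is initialised before use.
#
# Only lines containing the literal text "mbedtls_malloc(" are examined.
#
# Output: one "file:line:name" entry per suspicious allocation, where name is
# "???" when the call is neither an assignment nor a "return mbedtls_malloc".
#
# Typical usage: scripts/malloc-init.pl library/*.c

use warnings;
use strict;

use utf8;
use open qw(:std utf8);

# Maximum distance, in lines, between an allocation and its initialisation.
my $limit = 7;

# Function-name endings accepted as initialising a buffer; the two dots in
# "base64_..code" match any two characters (eg, encode and decode).
my $inits = qr/memset|memcpy|_init|fread|base64_..code/;

# cases to bear in mind:
#
# 0. foo = malloc(...); memset( foo, ... );
# 1. *foo = malloc(...); memset( *foo, ... );
# 2. type *foo = malloc(...); memset( foo, ...);
# 3. foo = malloc(...); foo_init( (type *) foo );
# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
#
# The chosen patterns are a bit relaxed, but unlikely to cause false positives
# in real code (initialising *foo or &foo instead of foo will likely be caught
# by functional tests).
#

# Captures the assignment target: identifier characters plus "-", ">" and "."
# so that member accesses such as a->b or a.b are kept whole.  The "*"
# quantifier also lets it match the empty string (eg, when "=" follows "]");
# such an allocation is then not tracked at all, which is a false negative.
my $id = qr/([a-zA-Z-0-9_\->\.]*)/;

# What may stand between "(" and the name in an init call: one mandatory
# whitespace character, then optionally "*", "&" or a cast such as "(type *)",
# then optional whitespace.  Calls written without a space after "(" are
# therefore not recognised as initialisation.
my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;

my $name;   # target of the allocation still awaiting initialisation, if any
my $line;   # line number of that allocation
my @bad;    # findings, as "file:line:name"

die "Usage: $0 file.c [...]\n" unless @ARGV;

# Iterate over the list instead of testing the truth of "shift @ARGV", so
# that a file named "0" does not silently end the run.
for my $file (@ARGV)
{
    open my $fh, "<", $file or die "read $file failed: $!\n";
    while (<$fh>)
    {
        if( /mbedtls_malloc\(/ ) {
            if( /$id\s*=.*mbedtls_malloc\(/ ) {
                # A second allocation while one is still pending: report the
                # pending one (the malloc-malloc-init-init limitation).
                push @bad, "$file:$line:$name" if $name;
                $name = $1;
                $line = $.;
            } else {
                # Not an assignment: flag it for review unless the result is
                # returned directly.
                push @bad, "$file:$.:???" unless /return mbedtls_malloc/;
            }
        } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
            # Initialisation found in time: nothing pending any more.
            undef $name;
            undef $line;
        } elsif( $name && $. - $line > $limit ) {
            # Too many lines since the allocation without an init call.
            push @bad, "$file:$line:$name";
            undef $name;
            undef $line;
        }
    }

    # An allocation still pending at end of file was never seen initialised.
    # Report it against this file and clear the state, so it is neither lost
    # nor carried over and attributed to the next file.
    push @bad, "$file:$line:$name" if $name;
    undef $name;
    undef $line;

    close $fh or die "close $file failed: $!\n";
}

print "$_\n" for @bad;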