File: out-of-bounds-container_of.c

package info (click to toggle)

gcc-arm-none-eabi 15%3A14.2.rel1-1

links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 1,099,328 kB
sloc: cpp: 3,627,108; ansic: 2,571,498; ada: 834,230; f90: 235,082; makefile: 79,231; asm: 74,984; xml: 51,692; exp: 39,736; sh: 33,298; objc: 15,629; python: 15,069; fortran: 14,429; pascal: 7,003; awk: 5,070; perl: 3,106; ml: 285; lisp: 253; lex: 204; haskell: 135

file content (51 lines) | stat: -rw-r--r-- 1,514 bytes

/* Further reduced container_of pattern from the Linux Kernel.  */

struct inner {
  /* Don't care */
};

struct outer {
  int i;
  struct inner inner_struct;
};

struct outer *container_of (struct inner *ptr_to_inner)
{
  struct outer *ptr_to_outer = ((struct outer *) (((void *) ptr_to_inner) - __builtin_offsetof(struct outer, inner_struct)));
  return ptr_to_outer;
}

int test (struct outer *outer_p, struct inner *inner_p)
{
  struct outer test;
  test.i = 42;
  struct inner test2;
  int sum = 0;
  struct outer *o;

  /* Symbolic inner struct.  */
  o = container_of (inner_p);
  sum += o->i; // ok
  /* Not ok, but we can't be sure that outer
     is actually the container of inner.  */
  sum += (o - 1)->i;
  /* Symbolic outer struct.  */
  o = container_of (&(outer_p->inner_struct));
  sum += o->i; // ok
  /* Not ok, but indistinguishable from the case above.  */
  sum += (o - 1)->i;
  /* Concrete outer struct.  */
  o = container_of (&(test.inner_struct));
  sum += o->i;  // ok
  /* Not ok and we do have a concrete region.  */
  sum += (o - 1)->i; /* { dg-line testA } */
  /* Concrete inner struct, has no container.  */
  o = container_of (&test2);
  sum += o->i; /* { dg-line testB } */

  return sum;
  /* { dg-warning "stack-based buffer under-read" "warning" { target *-*-* } testA } */
  /* { dg-message "" "note" { target *-*-* } testA } */
  /* { dg-warning "stack-based buffer under-read" "warning" { target *-*-* } testB } */
  /* { dg-message "" "note" { target *-*-* } testB } */
}