diff options
| author | Luc Van Oostenryck <luc.vanoostenryck@gmail.com> | 2017-08-20 23:45:38 +0200 |
|---|---|---|
| committer | Luc Van Oostenryck <luc.vanoostenryck@gmail.com> | 2017-12-21 12:41:59 +0100 |
| commit | b0b38fff5b42a52c0b4fdf8f56844c23b759c887 (patch) | |
| tree | b0129a65f1bd83e554a5d686378416ac5dae83b1 | |
| parent | c18aec74fd9fd77f2234dd11dd6444339c66d99e (diff) | |
| download | sparse-dev-b0b38fff5b42a52c0b4fdf8f56844c23b759c887.tar.gz | |
fix expansion of constant bitfield dereference
During the expansion of a dereference, it's checked if the
initializer corrresponding to the offset we're interested in
is a constant. If it's the case, the dereference can be avoided
and the constant given as initializer can be used instead.
However, it's not enough to check for the offset since, for
bitfields there are (usualy) several distinct fields at the
same offset. Currently, the first initializer matching the
offset is selected and, if a constant, its value is used
for the result of the dereferencing of the whole structure.
Fix this by refusing such expansion if the constant value
correspond to a bitfield.
Reported-by: Dibyendu Majumdar <mobile@majumdar.org.uk>
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
| -rw-r--r-- | expand.c | 2 | ||||
| -rw-r--r-- | validation/linear/bitfield-expand-deref.c | 1 |
2 files changed, 2 insertions, 1 deletions
@@ -644,6 +644,8 @@ static int expand_dereference(struct expression *expr) if (value) { /* FIXME! We should check that the size is right! */ if (value->type == EXPR_VALUE) { + if (is_bitfield_type(value->ctype)) + return UNSAFE; expr->type = EXPR_VALUE; expr->value = value->value; expr->taint = 0; diff --git a/validation/linear/bitfield-expand-deref.c b/validation/linear/bitfield-expand-deref.c index 0a958633..7748725f 100644 --- a/validation/linear/bitfield-expand-deref.c +++ b/validation/linear/bitfield-expand-deref.c @@ -20,7 +20,6 @@ int bar(int a) /* * check-name: bitfield expand deref * check-command: test-linearize -Wno-decl $file - * check-known-to-fail * * check-output-ignore * check-output-excludes: ret\..*\$12 |