Newer
Older
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdlib.h>
MapEntry.first = string("malloc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("calloc");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("realloc");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("bsearch");
MapEntry.second = (STARS_ARG_POS_2 | STARS_ARG_POS_3);
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("qsort");
MapEntry.second = (STARS_ARG_POS_1 | STARS_ARG_POS_2);
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mblen");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbtowc");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbstowcs");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wcstombs");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdio.h>
MapEntry.first = string("setvbuf");
MapEntry.second = STARS_ARG_POS_3;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
return;
} // end of InitTaintWarningArgPositionMap()
// Return dangerous-to-taint arg position bitset for call name from the taint warning map.
// If we don't find the call name, we return 0 in ArgPosBits.
clc5q
committed
void GetTaintWarningArgPositionsForCallName(string CalleeName, unsigned int &ArgPosBits) {
map<string, unsigned int>::iterator MapIter;
ArgPosBits = 0; // Change if found later
MapIter = TaintWarningArgPositionMap.find(CalleeName);
if (MapIter != TaintWarningArgPositionMap.end()) { // found it
ArgPosBits = MapIter->second;
}
return;
}
// Map of function names to POINTER argument positions.
static map<string, unsigned int> PointerArgPositionMap;
// Init map of system or library call name to the argument number that
// should have a POINTER value.
void InitPointerArgPositionMap(void) {
// clear in case re-initing.
PointerArgPositionMap.clear();
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
pair<string, unsigned int> MapEntry;
pair<map<string, unsigned int>::iterator, bool> InsertResult;
// <locale.h>
MapEntry.first = string("setlocale");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <math.h>
MapEntry.first = string("modf");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <string.h>
MapEntry.first = string("memchr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcmp");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcpy");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memmove");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memset");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcat");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncat");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcmp");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncmp");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcpy");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncpy");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcoll");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strxfrm");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strchr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcspn");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strpbrk");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strrchr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strspn");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strstr");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtok");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strlen");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdlib.h>
MapEntry.first = string("atof");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("atoi");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("atol");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtod");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtol");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtoul");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("free");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("realloc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("getenv");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("system");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("bsearch");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("qsort");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mblen");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbtowc");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wctomb");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbstowcs");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wcstombs");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdio.h>
MapEntry.first = string("remove");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("rename");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("tmpnam");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fclose");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fflush");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fopen");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("freopen");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1 | STARS_ARG_POS_2);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("setbuf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("setvbuf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fscanf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("isoc99_fscanf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("printf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("scanf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("isoc99_scanf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
MapEntry.first = string("sprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("sscanf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("vfprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("vprintf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("vsprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fgetc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fgets");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_2);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fputc");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fputs");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("getc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("gets");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("putc");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("puts");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("ungetc");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fread");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_3);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fwrite");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_3);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fgetpos");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fseek");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fsetpos");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("ftell");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("rewind");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("clearerr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("feof");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("ferror");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("perror");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <time.h>
MapEntry.first = string("mktime");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("time");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("asctime");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("ctime");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("gmtime");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("localtime");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strftime");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_2 | STARS_ARG_POS_3);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
return;
} // end of InitPointerArgPositionMap()
// Return POINTER arg position bitset for call name from the POINTER arg map.
// If we don't find the call name, we return 0 in ArgPosBits.
void GetPointerArgPositionsForCallName(string CalleeName, unsigned int &ArgPosBits) {
map<string, unsigned int>::iterator MapIter;
ArgPosBits = 0; // Change if found later
MapIter = PointerArgPositionMap.find(CalleeName);
if (MapIter != PointerArgPositionMap.end()) { // found it
ArgPosBits = MapIter->second;
}
return;
}
static set<string> MathLibraryFuncNames;
static set<string> StdioLibraryFuncNames;
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
void InitLibraryFuncNames(void) {
// <math.h>
MathLibraryFuncNames.insert("acos");
MathLibraryFuncNames.insert("cos");
MathLibraryFuncNames.insert("sin");
MathLibraryFuncNames.insert("asin");
MathLibraryFuncNames.insert("tan");
MathLibraryFuncNames.insert("atan");
MathLibraryFuncNames.insert("cosh");
MathLibraryFuncNames.insert("sinh");
MathLibraryFuncNames.insert("tanh");
MathLibraryFuncNames.insert("atan2");
MathLibraryFuncNames.insert("exp");
MathLibraryFuncNames.insert("ldexp");
MathLibraryFuncNames.insert("frexp");
MathLibraryFuncNames.insert("log");
MathLibraryFuncNames.insert("modf");
MathLibraryFuncNames.insert("log10");
MathLibraryFuncNames.insert("pow");
MathLibraryFuncNames.insert("sqrt");
MathLibraryFuncNames.insert("ceil");
MathLibraryFuncNames.insert("fmod");
MathLibraryFuncNames.insert("fabs");
MathLibraryFuncNames.insert("floor");
StdioLibraryFuncNames.insert("printf");
StdioLibraryFuncNames.insert("scanf");
StdioLibraryFuncNames.insert("printf_chk");
StdioLibraryFuncNames.insert("fprintf");
StdioLibraryFuncNames.insert("fscanf");
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
StdioLibraryFuncNames.insert("sprintf");
StdioLibraryFuncNames.insert("sscanf");
StdioLibraryFuncNames.insert("vfprintf");
StdioLibraryFuncNames.insert("fgetc");
StdioLibraryFuncNames.insert("vprintf");
StdioLibraryFuncNames.insert("fgets");
StdioLibraryFuncNames.insert("vsprintf");
StdioLibraryFuncNames.insert("fputc");
StdioLibraryFuncNames.insert("getc");
StdioLibraryFuncNames.insert("fputs");
StdioLibraryFuncNames.insert("getchar");
StdioLibraryFuncNames.insert("putchar");
StdioLibraryFuncNames.insert("gets");
StdioLibraryFuncNames.insert("putc");
StdioLibraryFuncNames.insert("ungetc");
StdioLibraryFuncNames.insert("puts");
StdioLibraryFuncNames.insert("fwrite");
StdioLibraryFuncNames.insert("fread");
StdioLibraryFuncNames.insert("fgetpos");
StdioLibraryFuncNames.insert("printf");
StdioLibraryFuncNames.insert("fseek");
StdioLibraryFuncNames.insert("rewind");
StdioLibraryFuncNames.insert("fsetpos");
StdioLibraryFuncNames.insert("clearerr");
StdioLibraryFuncNames.insert("ftell");
StdioLibraryFuncNames.insert("perror");
StdioLibraryFuncNames.insert("feof");
StdioLibraryFuncNames.insert("remove");
StdioLibraryFuncNames.insert("ferror");
StdioLibraryFuncNames.insert("rename");
StdioLibraryFuncNames.insert("fopen");
StdioLibraryFuncNames.insert("tmpfile");
StdioLibraryFuncNames.insert("freopen");
StdioLibraryFuncNames.insert("tmpnam");
StdioLibraryFuncNames.insert("fclose");
StdioLibraryFuncNames.insert("setbuf");
StdioLibraryFuncNames.insert("fflush");
StdioLibraryFuncNames.insert("setvbuf");
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
StdlibLibraryFuncNames.insert("atol");
StdlibLibraryFuncNames.insert("atof");
StdlibLibraryFuncNames.insert("atoi");
StdlibLibraryFuncNames.insert("strtod");
StdlibLibraryFuncNames.insert("strtol");
StdlibLibraryFuncNames.insert("strtoul");
StdlibLibraryFuncNames.insert("rand");
StdlibLibraryFuncNames.insert("srand");
StdlibLibraryFuncNames.insert("calloc");
StdlibLibraryFuncNames.insert("free");
StdlibLibraryFuncNames.insert("malloc");
StdlibLibraryFuncNames.insert("realloc");
StdlibLibraryFuncNames.insert("abort");
StdlibLibraryFuncNames.insert("atexit");
StdlibLibraryFuncNames.insert("exit");
StdlibLibraryFuncNames.insert("getenv");
StdlibLibraryFuncNames.insert("system");
StdlibLibraryFuncNames.insert("bsearch");
StdlibLibraryFuncNames.insert("qsort");
StdlibLibraryFuncNames.insert("abs");
StdlibLibraryFuncNames.insert("div");
StdlibLibraryFuncNames.insert("labs");
StdlibLibraryFuncNames.insert("ldiv");
StdlibLibraryFuncNames.insert("mblen");
StdlibLibraryFuncNames.insert("mbtowc");
StdlibLibraryFuncNames.insert("wctomb");
StdlibLibraryFuncNames.insert("mbstowcs");
StdlibLibraryFuncNames.insert("wcstombs");
// Add special functions often inserted by gcc.
StdlibLibraryFuncNames.insert("stack_chk_fail");
return;
} // end of InitLibraryFuncNames()
bool IsMathLibraryFunc(string CalleeName) {
set<string>::const_iterator FuncIter = MathLibraryFuncNames.find(CalleeName);
return (FuncIter != MathLibraryFuncNames.cend());
}
bool IsStdioLibraryFunc(string CalleeName) {
set<string>::const_iterator FuncIter = StdioLibraryFuncNames.find(CalleeName);
return (FuncIter != StdioLibraryFuncNames.cend());
}
bool IsStdlibLibraryFunc(string CalleeName) {
set<string>::const_iterator FuncIter = StdlibLibraryFuncNames.find(CalleeName);
return (FuncIter != StdlibLibraryFuncNames.cend());
}
// Utility to count bits set in an unsigned int, e.g. ArgPosBits.
unsigned int CountBitsSet(unsigned int ArgPosBits) {
unsigned int count; // count accumulates the total bits set in ArgPosBits
for (count = 0; ArgPosBits; ++count) {
ArgPosBits &= (ArgPosBits - 1); // clear the least significant bit set
}
// Brian Kernighan's method goes through as many iterations as there are set bits.
// So if we have a 32-bit word with only the high bit set, then it will only go once through the loop.
// Published in 1988, the C Programming Language 2nd Ed. (by Brian W. Kernighan and Dennis M. Ritchie) mentions this in exercise 2-9.
// On April 19, 2006 Don Knuth pointed out to me that this method "was first published by Peter Wegner in CACM 3 (1960), 322.
// (Also discovered independently by Derrick Lehmer and published in 1964 in a book edited by Beckenbach.)"
return count;
}
// Utility to get highest bit set in a byte, numbered 0 (lowest) to 7 (highest).
unsigned int HighestBitSet(unsigned char Byte) {
unsigned int RetVal = 0;
if (Byte & 0xf0) { // check upper 4 bits
RetVal |= 4; // at least bit 4 or higher is set
Byte >>= 4; // shift upper nibble to lower nibble
}
if (Byte & 0xc) { // check upper two bits of lower nibble
RetVal |= 2; // At least bit 2 or higher is set
Byte >>= 2; // shift upper two bits of lower nibble into lowest two bits
}
if (Byte & 0x2) { // Check second least significant bit
RetVal |= 1;
}
return RetVal;
}
// Utility to get lowest bit set in a byte, numbered 0 (lowest) to 7 (highest).
unsigned int LowestBitSet(unsigned char Byte) {
unsigned int RetVal = 0;
if (Byte & 0x03) { // check lower 2 bits
RetVal = (Byte & 1) ? 0 : 1;
}
else if (Byte & 0x0c) { // check upper two bits of lower nibble
RetVal = (Byte & 4) ? 2 : 3;
}
else if (Byte & 0x30) { // Check lower two bits of upper nibble
RetVal = (Byte & 16) ? 4 : 5;
}
else {
assert(Byte & 0xc0);
RetVal = (Byte & 64) ? 6 : 7;
}
return RetVal;
}
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
// Utility to get highest bit set in an uint32_t, numbered 0 (lowest) to 31 (highest).
// Assumes that UintVal is non-zero and has some bit set.
unsigned int HighestBitSetInUint(uint32_t UintVal) {
unsigned int RetVal = 0;
unsigned char Byte0 = UintVal & 0xff;
unsigned char Byte1 = UintVal & 0xff00;
unsigned char Byte2 = UintVal & 0xff0000;
unsigned char Byte3 = UintVal & 0xff000000;
if (Byte3 > 0) {
RetVal = HighestBitSet(Byte3) + 24;
}
else if (Byte2 > 0) {
RetVal = HighestBitSet(Byte2) + 16;
}
else if (Byte1 > 0) {
RetVal = HighestBitSet(Byte1) + 8;
}
else if (Byte0 > 0) {
RetVal = HighestBitSet(Byte0);
}
return RetVal;
}
// Initialize the FG info for the return register from any library function
// whose name implies that we know certain return values (e.g. atoi() returns
// a signed integer, while strtoul() returns an unsigned long).
void GetLibFuncFGInfo(string FuncName, struct FineGrainedInfo &InitFGInfo) {
map<string, struct FineGrainedInfo>::iterator FindIter;
FindIter = ReturnRegisterTypeMap.find(FuncName);
if (FindIter == ReturnRegisterTypeMap.end()) { // not found
InitFGInfo.SignMiscInfo = 0;
InitFGInfo.SizeInfo = 0;
}
else { // found
InitFGInfo = FindIter->second;
}
return;
} // end of GetLibFuncFGInfo()
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
// Is FuncName a standard library function name?
bool IsLibFuncName(std::string CalleeName) {
// Return true if we find the name in any of our function type maps.
map<string, struct FineGrainedInfo>::iterator RetTypeIter = ReturnRegisterTypeMap.find(CalleeName);
if (RetTypeIter != ReturnRegisterTypeMap.end()) { // found
return true;
}
map<string, unsigned int>::iterator PtrArgIter = PointerArgPositionMap.find(CalleeName);
if (PtrArgIter != PointerArgPositionMap.end()) { // found it
return true;
}
map<string, unsigned int>::iterator TaintIter = TaintWarningArgPositionMap.find(CalleeName);
if (TaintIter != TaintWarningArgPositionMap.end()) { // found it
return true;
}
map<string, unsigned int>::iterator UnsignedIter = UnsignedArgPositionMap.find(CalleeName);
if (UnsignedIter != UnsignedArgPositionMap.end()) { // found it
return true;
}
map<string, string>::iterator SinkIter = IntegerErrorCallSinkMap.find(CalleeName);
if (SinkIter != IntegerErrorCallSinkMap.end()) { // found it
return true;
}
// Put searches for additional library function names here.
if (0 == CalleeName.compare("setuid")) {
return true;
}
else if (IsStdioLibraryFunc(CalleeName)) {
return true;
}
else if (IsMathLibraryFunc(CalleeName)) {
return true;
}
else if (IsStdlibLibraryFunc(CalleeName)) {
return true;
}
return false;
} // end of IsLibFuncName()
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
// Is FuncName a startup func called before main(), or a wrapup function called by the system?
bool IsStartupFuncName(const std::string FuncName) {
bool NameMatched = false;
char IDA_func_name[STARS_MAXSTR];
std::size_t SkipCount;
SkipCount = strspn(FuncName.c_str(), "._");
std::string TempFuncName = FuncName.substr(SkipCount); // remove leading periods and underscores
if (0 == TempFuncName.compare("init_proc")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("init")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("start")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("gmon_start")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("call_gmon_start")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("libc_start_main")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("call_gmon_start__")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("libc_start_main__")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("libc_csu_init")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("libc_csu_fini")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("do_global_dtors_aux")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("term_proc")) {
NameMatched = true;
}
clc5q
committed
else if (0 == TempFuncName.compare("fini")) {
NameMatched = true;
}
else if (0 == TempFuncName.compare("frame_dummy")) {
NameMatched = true;
}