mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5273 Commits
28 Branches
Tree: ac3d14dbdc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ac3d14dbdc'
${ noResults }
rspamd/clang-plugin/printf_check.cc

printf_check.cc 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581 
  1. /*

  2.  * Copyright (c) 2015, Vsevolod Stakhov

  3.  * All rights reserved.

  4.  *

  5.  * Redistribution and use in source and binary forms, with or without

  6.  * modification, are permitted provided that the following conditions are met:

  7.  *	 * Redistributions of source code must retain the above copyright

  8.  *	   notice, this list of conditions and the following disclaimer.

  9.  *	 * Redistributions in binary form must reproduce the above copyright

  10.  *	   notice, this list of conditions and the following disclaimer in the

  11.  *	   documentation and/or other materials provided with the distribution.

  12.  *

  13.  * THIS SOFTWARE IS PROVIDED BY AUTHOR ''AS IS'' AND ANY

  14.  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

  15.  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

  16.  * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY

  17.  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

  18.  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  19.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

  20.  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

  21.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

  22.  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  23.  */

  24. 

  25. #include "printf_check.h"

  26. #include "clang/AST/AST.h"

  27. #include "clang/AST/Expr.h"

  28. #include "clang/AST/ASTConsumer.h"

  29. #include "clang/AST/RecursiveASTVisitor.h"

  30. #include <unordered_map>

  31. #include <vector>

  32. #include <sstream>

  33. #include <ctype.h>

  34. 

  35. using namespace clang;

  36. 

  37. namespace rspamd {

  38. 	struct PrintfArgChecker;

  39. 

  40. 	static bool cstring_arg_handler (const Expr *arg,

  41. 			struct PrintfArgChecker *ctx);

  42. 	static bool int_arg_handler (const Expr *arg,

  43. 			struct PrintfArgChecker *ctx);

  44. 	static bool long_arg_handler (const Expr *arg,

  45. 			struct PrintfArgChecker *ctx);

  46. 	static bool size_arg_handler (const Expr *arg,

  47. 			struct PrintfArgChecker *ctx);

  48. 	static bool char_arg_handler (const Expr *arg,

  49. 			struct PrintfArgChecker *ctx);

  50. 	static bool double_arg_handler (const Expr *arg,

  51. 			struct PrintfArgChecker *ctx);

  52. 	static bool long_double_arg_handler (const Expr *arg,

  53. 			struct PrintfArgChecker *ctx);

  54. 

  55. 	using arg_parser_t = bool (*) (const Expr *, struct PrintfArgChecker *);

  56. 

  57. 	static void

  58. 	print_error (const std::string &err, const Expr *e, const ASTContext *ast)

  59. 	{

  60. 		auto const &sm = ast->getSourceManager ();

  61. 		auto loc = e->getExprLoc ();

  62. 		llvm::errs() << err << " at " << loc.printToString (sm) << "\n";

  63. 	}

  64. 

  65. 	struct PrintfArgChecker {

  66. 	private:

  67. 		arg_parser_t parser;

  68. 	public:

  69. 		int width;

  70. 		int precision;

  71. 		bool is_unsigned;

  72. 		ASTContext *past;

  73. 

  74. 		PrintfArgChecker (arg_parser_t _p, ASTContext *_ast) :

  75. 				parser(_p), past(_ast)

  76. 		{

  77. 			width = 0;

  78. 			precision = 0;

  79. 			is_unsigned = false;

  80. 		}

  81. 		virtual ~PrintfArgChecker () {}

  82. 

  83. 		bool operator () (const Expr *e)

  84. 		{

  85. 			return parser (e, this);

  86. 		}

  87. 	};

  88. 

  89. 	class PrintfCheckVisitor::impl {

  90. 		std::unordered_map<std::string, int> printf_functions;

  91. 		ASTContext *pcontext;

  92. 

  93. 		std::unique_ptr<PrintfArgChecker> parseFlags (const std::string &flags)

  94. 		{

  95. 			auto type = flags.back();

  96. 

  97. 			switch (type) {

  98. 			case 's':

  99. 				return llvm::make_unique<PrintfArgChecker>(cstring_arg_handler,

  100. 						this->pcontext);

  101. 			case 'd':

  102. 				return llvm::make_unique<PrintfArgChecker>(int_arg_handler,

  103. 						this->pcontext);

  104. 			case 'z':

  105. 				return llvm::make_unique<PrintfArgChecker> (size_arg_handler,

  106. 						this->pcontext);

  107. 			case 'l':

  108. 				return llvm::make_unique<PrintfArgChecker> (long_arg_handler,

  109. 						this->pcontext);

  110. 			case 'f':

  111. 			case 'g':

  112. 				return llvm::make_unique<PrintfArgChecker> (double_arg_handler,

  113. 						this->pcontext);

  114. 			case 'F':

  115. 			case 'G':

  116. 				return llvm::make_unique<PrintfArgChecker> (long_double_arg_handler,

  117. 						this->pcontext);

  118. 			case 'c':

  119. 				return llvm::make_unique<PrintfArgChecker> (char_arg_handler,

  120. 						this->pcontext);

  121. 			default:

  122. 				llvm::errs () << "unknown parser flag: " << type << "\n";

  123. 				break;

  124. 			}

  125. 

  126. 			return nullptr;

  127. 		}

  128. 

  129. 		std::shared_ptr<std::vector<PrintfArgChecker> >

  130. 		genParsers (const StringRef query)

  131. 		{

  132. 			enum {

  133. 				ignore_chars = 0,

  134. 				read_percent,

  135. 				read_width,

  136. 				read_precision,

  137. 				read_arg

  138. 			} state = ignore_chars;

  139. 			int width, precision;

  140. 			std::string flags;

  141. 

  142. 			auto res = std::make_shared<std::vector<PrintfArgChecker> >();

  143. 

  144. 			for (const auto c : query) {

  145. 				switch (state) {

  146. 				case ignore_chars:

  147. 					if (c == '%') {

  148. 						state = read_percent;

  149. 						flags.clear ();

  150. 						width = precision = 0;

  151. 					}

  152. 					break;

  153. 				case read_percent:

  154. 					if (isdigit (c)) {

  155. 						state = read_width;

  156. 						width = c - '0';

  157. 					}

  158. 					else if (c == '.') {

  159. 						state = read_precision;

  160. 						precision = c - '0';

  161. 					}

  162. 					else if (c == '*') {

  163. 						/* %*s - need integer argument */

  164. 						res->emplace_back (int_arg_handler, this->pcontext);

  165. 						state = read_arg;

  166. 					}

  167. 					else if (c == '%') {

  168. 						/* Percent character, ignore */

  169. 						state = ignore_chars;

  170. 					}

  171. 					else {

  172. 						flags.push_back (c);

  173. 						state = read_arg;

  174. 					}

  175. 					break;

  176. 				case read_width:

  177. 					if (isdigit (c)) {

  178. 						width *= 10;

  179. 						width += c - '0';

  180. 					}

  181. 					else if (c == '.') {

  182. 						state = read_precision;

  183. 						precision = c - '0';

  184. 					}

  185. 					else {

  186. 						flags.push_back (c);

  187. 						state = read_arg;

  188. 					}

  189. 					break;

  190. 				case read_precision:

  191. 					if (isdigit (c)) {

  192. 						precision *= 10;

  193. 						precision += c - '0';

  194. 					}

  195. 					else if (c == '*') {

  196. 						res->emplace_back (int_arg_handler, this->pcontext);

  197. 						state = read_arg;

  198. 					}

  199. 					else {

  200. 						flags.push_back (c);

  201. 						state = read_arg;

  202. 					}

  203. 					break;

  204. 				case read_arg:

  205. 					if (!isalpha (c)) {

  206. 						auto handler = parseFlags (flags);

  207. 

  208. 						if (handler) {

  209. 							auto handler_copy = *handler;

  210. 							handler_copy.precision = precision;

  211. 							handler_copy.width = width;

  212. 							res->emplace_back (std::move (handler_copy));

  213. 						}

  214. 						else {

  215. 							llvm::errs () << "invalid modifier\n";

  216. 							return nullptr;

  217. 						}

  218. 						state = ignore_chars;

  219. 					}

  220. 					else {

  221. 						flags.push_back (c);

  222. 					}

  223. 					break;

  224. 				}

  225. 			}

  226. 

  227. 			if (state == read_arg) {

  228. 				auto handler = parseFlags (flags);

  229. 

  230. 				if (handler) {

  231. 					auto handler_copy = *handler;

  232. 					handler_copy.precision = precision;

  233. 					handler_copy.width = width;

  234. 					res->emplace_back (std::move (handler_copy));

  235. 				}

  236. 				else {

  237. 					llvm::errs () << "invalid modifier\n";

  238. 					return nullptr;

  239. 				}

  240. 			}

  241. 

  242. 			return res;

  243. 		}

  244. 	public:

  245. 		impl (ASTContext *_ctx) : pcontext(_ctx)

  246. 		{

  247. 			/* name -> format string position */

  248. 			printf_functions = {

  249. 					{"rspamd_printf",               0},

  250. 					{"rspamd_default_log_function", 4},

  251. 					{"rspamd_snprintf",             2},

  252. 					{"rspamd_fprintf",              1}

  253. 			};

  254. 		};

  255. 

  256. 		bool VisitCallExpr (CallExpr *E)

  257. 		{

  258. 			auto callee = dyn_cast<NamedDecl> (E->getCalleeDecl ());

  259. 			if (callee == NULL) {

  260. 				llvm::errs () << "Bad callee\n";

  261. 				return false;

  262. 			}

  263. 

  264. 			auto fname = callee->getNameAsString ();

  265. 

  266. 			auto pos_it = printf_functions.find (fname);

  267. 

  268. 			if (pos_it != printf_functions.end ()) {

  269. 				const auto args = E->getArgs ();

  270. 				auto pos = pos_it->second;

  271. 				auto query = args[pos];

  272. 

  273. 				if (!query->isEvaluatable (*pcontext)) {

  274. 					llvm::errs () << "Cannot evaluate query\n";

  275. 					return false;

  276. 				}

  277. 

  278. 				clang::Expr::EvalResult r;

  279. 

  280. 				if (!query->EvaluateAsRValue (r, *pcontext)) {

  281. 					llvm::errs () << "Cannot evaluate query\n";

  282. 					return false;

  283. 				}

  284. 

  285. 				auto qval = dyn_cast<StringLiteral> (

  286. 						r.Val.getLValueBase ().get<const Expr *> ());

  287. 				if (!qval) {

  288. 					llvm::errs () << "Bad or absent query string\n";

  289. 					return false;

  290. 				}

  291. 

  292. 				auto parsers = genParsers (qval->getString ());

  293. 

  294. 				if (parsers) {

  295. 					if (parsers->size () != E->getNumArgs () - (pos + 1)) {

  296. 						std::ostringstream err_buf;

  297. 						err_buf << "number of arguments for " << fname

  298. 								<< " missmatches query string '" <<

  299. 								qval->getString().str()

  300. 								<< "', expected " << parsers->size () << " args"

  301. 								<< ", got " << (E->getNumArgs () - (pos + 1))

  302. 								<< " args";

  303. 						print_error (err_buf.str (), E, this->pcontext);

  304. 

  305. 						return false;

  306. 					}

  307. 					else {

  308. 						for (auto i = pos + 1; i < E->getNumArgs (); i++) {

  309. 							auto arg = args[i];

  310. 

  311. 							if (arg) {

  312. 								if (!parsers->at(i - (pos + 1))(arg)) {

  313. 									return false;

  314. 								}

  315. 							}

  316. 						}

  317. 					}

  318. 				}

  319. 			}

  320. 

  321. 			return true;

  322. 		}

  323. 	};

  324. 

  325. 	PrintfCheckVisitor::PrintfCheckVisitor (ASTContext *ctx) :

  326. 		pimpl { new impl(ctx) }

  327. 	{

  328. 	}

  329. 

  330. 	PrintfCheckVisitor::~PrintfCheckVisitor ()

  331. 	{

  332. 	}

  333. 

  334. 	bool PrintfCheckVisitor::VisitCallExpr (clang::CallExpr *E)

  335. 	{

  336. 		return pimpl->VisitCallExpr (E);

  337. 	}

  338. 

  339. 	/* Type handlers */

  340. 	static bool

  341. 	cstring_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  342. 	{

  343. 		auto type = arg->getType ().split ().Ty;

  344. 

  345. 		if (!type->isPointerType ()) {

  346. 			print_error (

  347. 					std::string ("bad string argument for %s: ") +

  348. 							arg->getType ().getAsString (), arg, ctx->past);

  349. 			return false;

  350. 		}

  351. 

  352. 		auto ptr_type = type->getPointeeType().split().Ty;

  353. 

  354. 		if (!ptr_type->isCharType ()) {

  355. 			/* We might have gchar * here */

  356. 			auto desugared_type = ptr_type->getUnqualifiedDesugaredType ();

  357. 

  358. 			if (!desugared_type || !desugared_type->isCharType ()) {

  359. 				if (desugared_type) {

  360. 					desugared_type->dump ();

  361. 				}

  362. 				print_error (

  363. 						std::string ("bad string argument for %s: ") +

  364. 								arg->getType ().getAsString (), arg, ctx->past);

  365. 				return false;

  366. 			}

  367. 		}

  368. 

  369. 		return true;

  370. 	}

  371. 

  372. 	static bool

  373. 	int_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  374. 	{

  375. 		auto type = arg->getType ().split ().Ty;

  376. 

  377. 		auto desugared_type = type->getUnqualifiedDesugaredType ();

  378. 

  379. 		if (!desugared_type->isIntegerType ()) {

  380. 			print_error (std::string ("bad integer argument for %d or * arg: ") +

  381. 					arg->getType ().getAsString (), arg, ctx->past);

  382. 			return false;

  383. 		}

  384. 		else if (!desugared_type->isBuiltinType ()) {

  385. 			print_error (std::string ("bad integer argument for %d or * arg: ") +

  386. 							arg->getType ().getAsString(), arg, ctx->past);

  387. 			return false;

  388. 		}

  389. 

  390. 		auto builtin_type = dyn_cast<BuiltinType>(desugared_type);

  391. 		auto kind = builtin_type->getKind ();

  392. 

  393. 		if (kind != BuiltinType::Kind::UInt &&

  394. 				kind != BuiltinType::Kind::Int) {

  395. 			print_error (std::string ("bad integer argument for %d or * arg: ") +

  396. 					arg->getType ().getAsString (), arg, ctx->past);

  397. 			return false;

  398. 		}

  399. 

  400. 		return true;

  401. 	}

  402. 

  403. 	static bool

  404. 	long_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  405. 	{

  406. 		auto type = arg->getType ().split ().Ty;

  407. 

  408. 		auto desugared_type = type->getUnqualifiedDesugaredType ();

  409. 

  410. 		if (!desugared_type->isIntegerType ()) {

  411. 			print_error (

  412. 					std::string ("bad integer argument for %l arg: ") +

  413. 							arg->getType ().getAsString (), arg, ctx->past);

  414. 			return false;

  415. 		}

  416. 		else if (!desugared_type->isBuiltinType ()) {

  417. 			print_error (

  418. 					std::string ("bad integer argument for %l arg: ") +

  419. 							arg->getType ().getAsString (), arg, ctx->past);

  420. 			return false;

  421. 		}

  422. 

  423. 		auto builtin_type = dyn_cast<BuiltinType> (desugared_type);

  424. 		auto kind = builtin_type->getKind ();

  425. 

  426. 		if (kind != BuiltinType::Kind::ULong &&

  427. 				kind != BuiltinType::Kind::Long) {

  428. 			print_error (

  429. 					std::string ("bad integer argument for %l arg: ") +

  430. 							arg->getType ().getAsString (), arg, ctx->past);

  431. 			return false;

  432. 		}

  433. 

  434. 		return true;

  435. 	}

  436. 

  437. 	static bool

  438. 	char_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  439. 	{

  440. 		auto type = arg->getType ().split ().Ty;

  441. 

  442. 		auto desugared_type = type->getUnqualifiedDesugaredType ();

  443. 

  444. 		if (!desugared_type->isCharType ()) {

  445. 			print_error (

  446. 					std::string ("bad char argument for %c arg: ") +

  447. 							arg->getType ().getAsString (), arg, ctx->past);

  448. 			return false;

  449. 		}

  450. 		else if (!desugared_type->isBuiltinType ()) {

  451. 			print_error (

  452. 					std::string ("bad char argument for %c arg: ") +

  453. 							arg->getType ().getAsString (), arg, ctx->past);

  454. 			return false;

  455. 		}

  456. 

  457. 		auto builtin_type = dyn_cast<BuiltinType> (desugared_type);

  458. 		auto kind = builtin_type->getKind ();

  459. 

  460. 		if (kind != BuiltinType::Kind::UChar &&

  461. 				kind != BuiltinType::Kind::SChar) {

  462. 			print_error (

  463. 					std::string ("bad char argument for %c arg: ") +

  464. 							arg->getType ().getAsString (), arg, ctx->past);

  465. 			return false;

  466. 		}

  467. 

  468. 		return true;

  469. 	}

  470. 

  471. 	static bool

  472. 	size_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  473. 	{

  474. 		auto type = arg->getType ().split ().Ty;

  475. 

  476. 		auto desugared_type = type->getUnqualifiedDesugaredType ();

  477. 

  478. 		if (!desugared_type->isIntegerType ()) {

  479. 			print_error (

  480. 					std::string ("bad integer argument for %z arg: ") +

  481. 							arg->getType ().getAsString (), arg, ctx->past);

  482. 			return false;

  483. 		}

  484. 		else if (!desugared_type->isBuiltinType ()) {

  485. 			print_error (

  486. 					std::string ("bad integer argument for %z arg: ") +

  487. 							arg->getType ().getAsString (), arg, ctx->past);

  488. 			return false;

  489. 		}

  490. 

  491. 		auto builtin_type = dyn_cast<BuiltinType> (desugared_type);

  492. 		auto kind = builtin_type->getKind ();

  493. 

  494. 		if (sizeof (size_t) == sizeof (long)) {

  495. 			if (kind != BuiltinType::Kind::ULong &&

  496. 					kind != BuiltinType::Kind::Long) {

  497. 				print_error (

  498. 						std::string ("bad integer argument for %z arg: ") +

  499. 								arg->getType ().getAsString (), arg, ctx->past);

  500. 				return false;

  501. 			}

  502. 		}

  503. 		else if (sizeof (size_t) == sizeof (int)) {

  504. 			if (kind != BuiltinType::Kind::UInt &&

  505. 					kind != BuiltinType::Kind::Int) {

  506. 				print_error (

  507. 						std::string ("bad integer argument for %z arg: ") +

  508. 								arg->getType ().getAsString (), arg, ctx->past);

  509. 				return false;

  510. 			}

  511. 		}

  512. 

  513. 		return true;

  514. 	}

  515. 

  516. 	static bool

  517. 	double_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  518. 	{

  519. 		auto type = arg->getType ().split ().Ty;

  520. 

  521. 		auto desugared_type = type->getUnqualifiedDesugaredType ();

  522. 

  523. 		if (!desugared_type->isRealFloatingType ()) {

  524. 			print_error (

  525. 					std::string ("bad double argument for %f or %g arg: ") +

  526. 							arg->getType ().getAsString (), arg, ctx->past);

  527. 			return false;

  528. 		}

  529. 		else if (!desugared_type->isBuiltinType ()) {

  530. 			print_error (

  531. 					std::string ("bad double argument for %f or %g arg: ") +

  532. 							arg->getType ().getAsString (), arg, ctx->past);

  533. 			return false;

  534. 		}

  535. 

  536. 		auto builtin_type = dyn_cast<BuiltinType> (desugared_type);

  537. 		auto kind = builtin_type->getKind ();

  538. 

  539. 		if (kind != BuiltinType::Kind::Double) {

  540. 			print_error (

  541. 					std::string ("bad double argument for %f or %g arg: ") +

  542. 							arg->getType ().getAsString (), arg, ctx->past);

  543. 			return false;

  544. 		}

  545. 

  546. 		return true;

  547. 	}

  548. 

  549. 	static bool

  550. 	long_double_arg_handler (const Expr *arg, struct PrintfArgChecker *ctx)

  551. 	{

  552. 		auto type = arg->getType ().split ().Ty;

  553. 

  554. 		auto desugared_type = type->getUnqualifiedDesugaredType ();

  555. 

  556. 		if (!desugared_type->isRealFloatingType ()) {

  557. 			print_error (

  558. 					std::string ("bad long double argument for %F or %G arg: ") +

  559. 							arg->getType ().getAsString (), arg, ctx->past);

  560. 			return false;

  561. 		}

  562. 		else if (!desugared_type->isBuiltinType ()) {

  563. 			print_error (

  564. 					std::string ("bad long double argument for %F or %G arg: ") +

  565. 							arg->getType ().getAsString (), arg, ctx->past);

  566. 			return false;

  567. 		}

  568. 

  569. 		auto builtin_type = dyn_cast<BuiltinType> (desugared_type);

  570. 		auto kind = builtin_type->getKind ();

  571. 

  572. 		if (kind != BuiltinType::Kind::LongDouble) {

  573. 			print_error (

  574. 					std::string ("bad long double argument for %F or %G arg: ") +

  575. 							arg->getType ().getAsString (), arg, ctx->past);

  576. 			return false;

  577. 		}

  578. 

  579. 		return true;

  580. 	}

  581. };