From a3d568a30f8245a8ce13658c489a48ab43231a56 Mon Sep 17 00:00:00 2001
From: Enkelmann
Date: Thu, 23 Nov 2023 15:07:34 +0100
Subject: [PATCH] filter out negative stack offsets as parameter
---
 .../state/call_handling/mod.rs | 36 +++++++++++++++----
 .../state/call_handling/tests.rs | 7 ++++
 2 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/mod.rs b/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/mod.rs
index bbfcdf305..cd3eea3e1 100644
--- a/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/mod.rs
+++ b/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/mod.rs
@@ -135,12 +135,7 @@ impl State {
 pub fn get_params_of_current_function(&self) -> Vec<(&AbstractLocation, AccessPattern)> {
 let mut params = Vec::new();
 for (id, access_pattern) in self.tracked_ids.iter() {
- if id.get_tid() == self.get_current_function_tid()
- && !matches!(
- id.get_location(),
- AbstractLocation::GlobalAddress { .. } | AbstractLocation::GlobalPointer(_, _)
- )
- {
+ if self.is_param_id(id) {
 if access_pattern.is_accessed() {
 params.push((id.get_location(), *access_pattern));
 } else if matches!(id.get_location(), &AbstractLocation::Pointer { .. }) {
@@ -286,6 +281,35 @@ impl State {
 }
 }
 }
+
+ /// Return `true` if the given ID is a parameter ID,
+ /// but not a global parameter.
+ fn is_param_id(&self, id: &AbstractIdentifier) -> bool {
+ if id.get_tid() != self.get_current_function_tid() || id == &self.stack_id {
+ return false;
+ }
+ // Filter out global IDs
+ if matches!(
+ id.get_location(),
+ AbstractLocation::GlobalAddress { .. } | AbstractLocation::GlobalPointer(_, _)
+ ) {
+ return false;
+ }
+ // Filter out IDs starting with a negative stack offset.
+ if let AbstractLocation::Pointer(var, mem_location) = id.get_location() {
+ if var == self.stack_id.unwrap_register() {
+ match mem_location {
+ AbstractMemoryLocation::Location { offset, .. }
+ | AbstractMemoryLocation::Pointer { offset, .. } => {
+ if *offset < 0 {
+ return false;
+ }
+ }
+ }
+ }
+ }
+ true
+ }
 }

 /// Generate register arguments from a list of registers.
diff --git a/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/tests.rs b/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/tests.rs
index 56a726980..d54fa6198 100644
--- a/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/tests.rs
+++ b/src/cwe_checker_lib/src/analysis/function_signature/state/call_handling/tests.rs
@@ -34,6 +34,10 @@ fn test_get_params_of_current_function() {
 let param_one = AbstractIdentifier::mock("mock_fn", "param_one", 4);
 let param_two = AbstractIdentifier::mock("mock_fn", "param_two", 4);
 let not_param = AbstractIdentifier::mock("call_tid", "r0", 4);
+ let non_param_stack_offset = AbstractIdentifier::new(
+ Tid::new("mock_fn"),
+ AbstractLocation::mock("sp:4", &[-8], 4),
+ );
 let global_param = AbstractIdentifier::new(
 Tid::new("mock_fn"),
 AbstractLocation::GlobalAddress {
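Review bot: The doc comment on `is_param_id` mentions only the global filter, but the body also rejects `self.stack_id` itself and every `AbstractLocation::Pointer` based on the stack register whose first offset is negative, while offset 0 is still accepted. Since `get_params_of_current_function` now relies on this predicate to decide what ends up in the computed function signature, the comment should state the full contract, for example `/// Return true if the ID belongs to the current function and is neither the stack ID, a global location, nor a stack-relative pointer with a negative first offset.` A short why-comment would also help: negative offsets are presumably treated as locals of the current frame rather than caller-provided data, which is an assumption about stack growth direction that the hunk does not show being checked. `unwrap_register()` is called on `self.stack_id` without a visible fallback; if it can panic for non-register locations, a one-line comment saying why the stack ID is always a register would be worthwhile.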
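Review bot: Only a single negative offset (`&[-8]`) is exercised by the new `non_param_stack_offset` fixture, so the `*offset < 0` boundary in `is_param_id` is not pinned by this test. Consider adding sibling fixtures built the same way with `&[0]` and `&[8]` and asserting the expected result for them, so that a later change of the comparison to `<= 0` or a sign mix-up would be caught. The matching insert into `tracked_ids` is in the following hunk (`@@ -51,6 +55,9`), and the assertions of `test_get_params_of_current_function` lie outside both hunks, so whether the negative case is asserted explicitly cannot be confirmed from here.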
@@ -51,6 +55,9 @@ fn test_get_params_of_current_function() {
 state
 .tracked_ids
 .insert(not_param, AccessPattern::new_unknown_access());
+ state
+ .tracked_ids
+ .insert(non_param_stack_offset, AccessPattern::new_unknown_access());
 state
 .tracked_ids
 .insert(global_param.clone(), AccessPattern::new_unknown_access());