Add corner case for Offset(0, _, _) nodes

Handle Offset nodes with a base pointer of 0 where the offset is non-zero, potentially resulting in a brand new pointer. One such case occurs in mod_cgi from lighttpd: const uintptr_t baseptr = (uintptr_t)env->b->ptr; for (i = 0; i < env->oused; ++i) envp[i] += baseptr;
immunant · Jun 15, 2024 · 98b98a7 · 98b98a7
1 parent 8bb5991
commit 98b98a7
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/pdg/src/builder.rs b/pdg/src/builder.rs
@@ -59,6 +59,11 @@ impl EventKindExt for EventKind {
             Alloc { ptr, .. } => ptr,
             AddrOfLocal(lhs, _, _) => lhs,
             AddrOfConst(ptr, _) => ptr,
+            // Corner case: Offset(..) events with a base pointer of zero are special
+            // because the result might be an actual pointer, e.g., c2rust will
+            // emit a pointer increment `a += b` as `a = a.offset(b)` which we need
+            // to ignore here if `a == 0` which is equivalent to `a = b`.
+            Offset(0, _, ptr) => ptr,
             Offset(ptr, _, _) => ptr,
             Done | BeginFuncBody => return None,
         })