RULE-19-1 support and test for memcpy unions

mbaluda · mbaluda · commit fee555cf14fb · 2023-03-23T19:00:37.000+01:00
diff --git a/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql b/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql
@@ -15,6 +15,15 @@ import codingstandards.c.misra
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.dataflow.DataFlow
 
+/**
+ * Offset in bytes of a field access
+ */
+int getAccessByteOffset(FieldAccess fa) {
+  not fa.getQualifier() instanceof FieldAccess and result = fa.getTarget().getByteOffset()
+  or
+  result = fa.getTarget().getByteOffset() + getAccessByteOffset(fa.getQualifier())
+}
+
 /**
  * Models calls to memcpy on overlapping objects
  */
@@ -40,15 +49,17 @@ class MemcpyCall extends Locatable {
     result =
       [
         e.(VariableAccess), e.(PointerAddExpr).getLeftOperand(),
-        e.(AddressOfExpr).getOperand().(ArrayExpr).getArrayBase()
+        e.(AddressOfExpr).getOperand().(ArrayExpr).getArrayBase+(),
+        e.(AddressOfExpr).getOperand().(ValueFieldAccess).getQualifier+()
       ]
   }
 
   int getOffset(Expr e) {
     result =
       [
         e.(PointerAddExpr).getRightOperand().getValue().toInt(),
-        e.(AddressOfExpr).getOperand().(ArrayExpr).getArrayOffset().getValue().toInt()
+        e.(AddressOfExpr).getOperand().(ArrayExpr).getArrayOffset().getValue().toInt(),
+        getAccessByteOffset(e.(AddressOfExpr).getOperand()),
       ]
     or
     e instanceof VariableAccess and result = 0
diff --git a/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected b/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected
@@ -2,3 +2,4 @@
 | test.c:7:3:7:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:7:17:7:21 | & ... | from | test.c:7:10:7:14 | & ... | to |
 | test.c:8:3:8:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:8:17:8:17 | o | from | test.c:8:10:8:14 | ... + ... | to |
 | test.c:10:3:10:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:10:17:10:21 | ... + ... | from | test.c:10:10:10:14 | ... + ... | to |
+| test.c:52:3:52:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:52:21:52:26 | & ... | from | test.c:52:10:52:18 | & ... | to |
diff --git a/c/misra/test/rules/RULE-19-1/test.c b/c/misra/test/rules/RULE-19-1/test.c
@@ -20,3 +20,35 @@ void g(void) {
   // Exception 2
   memmove(&o[1], &o[0], 2u * sizeof(o[0])); // COMPLIANT
 }
+
+struct s1 {
+  int m1[10];
+};
+struct s2 {
+  int m1;
+  struct s1 m2;
+};
+union u {
+  struct s1 m1;
+  struct s2 m2;
+} u1;
+
+typedef struct {
+  char buf[8];
+} Union_t;
+union {
+  unsigned char uc[24];
+  struct {
+    Union_t prefix;
+    Union_t suffix;
+  } fnv;
+  struct {
+    unsigned char padding[16];
+    Union_t suffix;
+  } diff;
+} u2;
+
+void test_unions() {
+  memcpy(&u1.m2.m2, &u1.m1, sizeof(u1.m1)); // NON_COMPLIANT
+  memcpy(&u2.diff.suffix, &u2.fnv.suffix, sizeof(u2.fnv.suffix)); // COMPLIANT
+}
