1/// Use memdup_user rather than duplicating its implementation 2/// This is a little bit restricted to reduce false positives 3/// 4// Confidence: High 5// Copyright: (C) 2010-2012 Nicolas Palix. GPLv2. 6// Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6. GPLv2. 7// Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6. GPLv2. 8// URL: http://coccinelle.lip6.fr/ 9// Comments: 10// Options: --no-includes --include-headers 11 12virtual patch 13virtual context 14virtual org 15virtual report 16 17@depends on patch@ 18expression from,to,size,flag; 19identifier l1,l2; 20@@ 21 22- to = \(kmalloc\|kzalloc\)(size,flag); 23+ to = memdup_user(from,size); 24 if ( 25- to==NULL 26+ IS_ERR(to) 27 || ...) { 28 <+... when != goto l1; 29- -ENOMEM 30+ PTR_ERR(to) 31 ...+> 32 } 33- if (copy_from_user(to, from, size) != 0) { 34- <+... when != goto l2; 35- -EFAULT 36- ...+> 37- } 38 39@r depends on !patch@ 40expression from,to,size,flag; 41position p; 42statement S1,S2; 43@@ 44 45* to = \(kmalloc@p\|kzalloc@p\)(size,flag); 46 if (to==NULL || ...) S1 47 if (copy_from_user(to, from, size) != 0) 48 S2 49 50@script:python depends on org@ 51p << r.p; 52@@ 53 54coccilib.org.print_todo(p[0], "WARNING opportunity for memdup_user") 55 56@script:python depends on report@ 57p << r.p; 58@@ 59 60coccilib.report.print_report(p[0], "WARNING opportunity for memdup_user") 61