(root)/
gcc-13.2.0/
gcc/
testsuite/
gcc.dg/
analyzer/
taint-CVE-2020-13143.h
       1  /* Shared header for the various taint-CVE-2020-13143.h tests.
       2     
       3     "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the
       4     Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering
       5     the possibility of an internal '\0' value, which allows attackers to
       6     trigger an out-of-bounds read, aka CID-15753588bcd4."
       7  
       8     Fixed by 15753588bcd4bbffae1cca33c8ced5722477fe1f on linux-5.7.y
       9     in linux-stable.  */
      10  
      11  // TODO: remove need for this option
      12  /* { dg-additional-options "-fanalyzer-checker=taint" } */
      13  
      14  #include <stddef.h>
      15  
      16  /* Adapted from include/uapi/asm-generic/posix_types.h  */
      17  
      18  typedef unsigned int     __kernel_size_t;
      19  typedef int              __kernel_ssize_t;
      20  
      21  /* Adapted from include/linux/types.h  */
      22  
      23  //typedef __kernel_size_t		size_t;
      24  typedef __kernel_ssize_t	ssize_t;
      25  
      26  /* Adapted from include/linux/kernel.h  */
      27  
      28  #define container_of(ptr, type, member) ({				\
      29  	void *__mptr = (void *)(ptr);					\
      30  	/* [...snip...] */						\
      31  	((type *)(__mptr - offsetof(type, member))); })
      32  
      33  /* Adapted from include/linux/configfs.h  */
      34  
      35  struct config_item {
      36  	/* [...snip...] */
      37  };
      38  
      39  struct config_group {
      40  	struct config_item		cg_item;
      41  	/* [...snip...] */
      42  };
      43  
      44  static inline struct config_group *to_config_group(struct config_item *item)
      45  {
      46  	return item ? container_of(item,struct config_group,cg_item) : NULL;
      47  }
      48  
      49  #define CONFIGFS_ATTR(_pfx, _name)				\
      50  static struct configfs_attribute _pfx##attr_##_name = {	\
      51  	/* [...snip...] */				\
      52  	.store		= _pfx##_name##_store,		\
      53  }
      54  
      55  /* Adapted from include/linux/compiler.h  */
      56  
      57  #define __force
      58  
      59  /* Adapted from include/asm-generic/errno-base.h  */
      60  
      61  #define	ENOMEM		12	/* Out of memory */
      62  
      63  /* Adapted from include/linux/types.h  */
      64  
      65  #define __bitwise__
      66  typedef unsigned __bitwise__ gfp_t;
      67  
      68  /* Adapted from include/linux/gfp.h  */
      69  
      70  #define ___GFP_WAIT		0x10u
      71  #define ___GFP_IO		0x40u
      72  #define ___GFP_FS		0x80u
      73  #define __GFP_WAIT	((__force gfp_t)___GFP_WAIT)
      74  #define __GFP_IO	((__force gfp_t)___GFP_IO)
      75  #define __GFP_FS	((__force gfp_t)___GFP_FS)
      76  #define GFP_KERNEL  (__GFP_WAIT | __GFP_IO | __GFP_FS)
      77  
      78  /* Adapted from include/linux/compiler_attributes.h  */
      79  
      80  #define __malloc                        __attribute__((__malloc__))
      81  
      82  /* Adapted from include/linux/string.h  */
      83  
      84  extern char *kstrdup(const char *s, gfp_t gfp) __malloc;
      85  
      86  /* Adapted from drivers/usb/gadget/configfs.c  */
      87  
      88  struct gadget_info {
      89  	struct config_group group;
      90  	/* [...snip...] */				\
      91  };