Add corner case for Offset(0, _, _) nodes

Handle Offset nodes with a base pointer of 0 where the offset is non-zero, potentially resulting in a brand new pointer. One such case occurs in mod_cgi from lighttpd: const uintptr_t baseptr = (uintptr_t)env->b->ptr; for (i = 0; i < env->oused; ++i) envp[i] += baseptr;
immunant · Jun 8, 2024 · 4933cf6 · 4933cf6
1 parent ce25b62
commit 4933cf6
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/pdg/src/builder.rs b/pdg/src/builder.rs
@@ -58,6 +58,11 @@ impl EventKindExt for EventKind {
             FromInt(lhs) => lhs,
             Alloc { ptr, .. } => ptr,
             AddrOfLocal(lhs, _) => lhs,
+            // Corner case: Offset(..) events with a base pointer of zero are special
+            // because the result might be an actual pointer, e.g., c2rust will
+            // emit a pointer increment `a += b` as `a = a.offset(b)` which we need
+            // to ignore here if `a == 0` which is equivalent to `a = b`.
+            Offset(0, _, ptr) => ptr,
             Offset(ptr, _, _) => ptr,
             Done | BeginFuncBody => return None,
         })
@@ -187,6 +192,11 @@ pub fn add_node(
                 return provenance;
             }
 
+            if matches!(event.kind, EventKind::Offset(0, _, _)) {
+                // We are making a brand new pointer (see the comment in `ptr`)
+                return provenance;
+            }
+
             let latest_assignment = graphs
                 .latest_assignment
                 .get(&(src_fn, src.local))