1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Check for invalid uintptr -> unsafe.Pointer conversions.
package main
import (
"go/ast"
"go/token"
"go/types"
)
func init() {
register("unsafeptr",
"check for misuse of unsafe.Pointer",
checkUnsafePointer,
callExpr)
}
func checkUnsafePointer(f *File, node ast.Node) {
x := node.(*ast.CallExpr)
if len(x.Args) != 1 {
return
}
if f.hasBasicType(x.Fun, types.UnsafePointer) && f.hasBasicType(x.Args[0], types.Uintptr) && !f.isSafeUintptr(x.Args[0]) {
f.Badf(x.Pos(), "possible misuse of unsafe.Pointer")
}
}
// isSafeUintptr reports whether x - already known to be a uintptr -
// is safe to convert to unsafe.Pointer. It is safe if x is itself derived
// directly from an unsafe.Pointer via conversion and pointer arithmetic
// or if x is the result of reflect.Value.Pointer or reflect.Value.UnsafeAddr
// or obtained from the Data field of a *reflect.SliceHeader or *reflect.StringHeader.
func (f *File) isSafeUintptr(x ast.Expr) bool {
switch x := x.(type) {
case *ast.ParenExpr:
return f.isSafeUintptr(x.X)
case *ast.SelectorExpr:
switch x.Sel.Name {
case "Data":
// reflect.SliceHeader and reflect.StringHeader are okay,
// but only if they are pointing at a real slice or string.
// It's not okay to do:
// var x SliceHeader
// x.Data = uintptr(unsafe.Pointer(...))
// ... use x ...
// p := unsafe.Pointer(x.Data)
// because in the middle the garbage collector doesn't
// see x.Data as a pointer and so x.Data may be dangling
// by the time we get to the conversion at the end.
// For now approximate by saying that *Header is okay
// but Header is not.
pt, ok := f.pkg.types[x.X].Type.(*types.Pointer)
if ok {
t, ok := pt.Elem().(*types.Named)
if ok && t.Obj().Pkg().Path() == "reflect" {
switch t.Obj().Name() {
case "StringHeader", "SliceHeader":
return true
}
}
}
}
case *ast.CallExpr:
switch len(x.Args) {
case 0:
// maybe call to reflect.Value.Pointer or reflect.Value.UnsafeAddr.
sel, ok := x.Fun.(*ast.SelectorExpr)
if !ok {
break
}
switch sel.Sel.Name {
case "Pointer", "UnsafeAddr":
t, ok := f.pkg.types[sel.X].Type.(*types.Named)
if ok && t.Obj().Pkg().Path() == "reflect" && t.Obj().Name() == "Value" {
return true
}
}
case 1:
// maybe conversion of uintptr to unsafe.Pointer
return f.hasBasicType(x.Fun, types.Uintptr) && f.hasBasicType(x.Args[0], types.UnsafePointer)
}
case *ast.BinaryExpr:
switch x.Op {
case token.ADD, token.SUB, token.AND_NOT:
return f.isSafeUintptr(x.X) && !f.isSafeUintptr(x.Y)
}
}
return false
}
|
