summaryrefslogtreecommitdiffstats
path: root/src/filegen.h
diff options
context:
space:
mode:
authorChristophe Grenier <[email protected]>2023-10-08 14:00:23 +0200
committerChristophe Grenier <[email protected]>2023-10-08 14:00:23 +0200
commit0fdbc689159d76539feb7ef29b9b3ef2a11636ef (patch)
tree942df430cb27dbb91db5832abdafb83ca3023572 /src/filegen.h
parentb05dfc200bd125a04eddfac301f7b629858035cf (diff)
src/filegen.c: improve Frama-C annotations
Diffstat (limited to 'src/filegen.h')
-rw-r--r--src/filegen.h16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/filegen.h b/src/filegen.h
index 2051b882..373a9363 100644
--- a/src/filegen.h
+++ b/src/filegen.h
@@ -39,6 +39,8 @@ extern "C" {
#define PHOTOREC_MAX_SIZE_32 (((uint64_t)1<<31)-1)
#define PHOTOREC_MAX_SIG_OFFSET 65535
#define PHOTOREC_MAX_SIG_SIZE 4095
+/* TODO: Support blocksize up to 32 MB */
+#define PHOTOREC_MAX_BLOCKSIZE 32*1024*1024
typedef enum { DC_SCAN=0, DC_CONTINUE=1, DC_STOP=2, DC_ERROR=3} data_check_t;
typedef struct file_hint_struct file_hint_t;
@@ -144,6 +146,7 @@ typedef struct
predicate valid_file_stat(file_stat_t *file_stat) = (\valid_read(file_stat) && valid_file_hint(file_stat->file_hint));
predicate valid_file_recovery(file_recovery_t *file_recovery) = (\valid_read(file_recovery) &&
+ strlen((const char*)file_recovery->filename) < 1<<30 &&
valid_read_string((const char *)file_recovery->filename) &&
(file_recovery->file_stat == \null || valid_file_stat(file_recovery->file_stat)) &&
(file_recovery->handle == \null || \valid(file_recovery->handle)) &&
@@ -195,11 +198,13 @@ typedef struct
predicate valid_data_check_param(unsigned char *buffer, unsigned int buffer_size, file_recovery_t *file_recovery) = (
buffer_size > 0 &&
(buffer_size&1)==0 &&
+ buffer_size <= 2 * PHOTOREC_MAX_BLOCKSIZE &&
\valid_read(buffer+(0..buffer_size-1)) &&
\initialized(buffer+(0..buffer_size-1)) &&
\valid(file_recovery) &&
valid_file_recovery(file_recovery) &&
file_recovery->calculated_file_size <= PHOTOREC_MAX_FILE_SIZE &&
+ file_recovery->file_size <= PHOTOREC_MAX_FILE_SIZE &&
\separated(buffer + (..), file_recovery)
);
@@ -238,9 +243,11 @@ void file_allow_nl(file_recovery_t *file_recovery, const unsigned int nl_mode);
/*@
@ requires \valid(handle);
+ @ requires offset < 0x8000000000000000;
@ requires 0 < footer_length <4096;
@ requires \valid_read((char *)footer+(0..footer_length-1));
@ requires \separated(handle, (char *)footer + (..), &errno, &Frama_C_entropy_source);
+ @ ensures \result < 0x8000000000000000;
@ assigns *handle, errno, Frama_C_entropy_source;
@*/
uint64_t file_rsearch(FILE *handle, uint64_t offset, const void*footer, const unsigned int footer_length);
@@ -250,6 +257,8 @@ uint64_t file_rsearch(FILE *handle, uint64_t offset, const void*footer, const un
@ requires \valid_read((char *)footer+(0..footer_length-1));
@ requires \separated(file_recovery, file_recovery->handle, file_recovery->extension, &errno, &Frama_C_entropy_source);
@ requires valid_file_check_param(file_recovery);
+ @ requires extra_length <= PHOTOREC_MAX_FILE_SIZE;
+ @ requires file_recovery->file_size < 0x8000000000000000;
@ ensures valid_file_check_result(file_recovery);
@ assigns *file_recovery->handle, errno, file_recovery->file_size;
@ assigns Frama_C_entropy_source;
@@ -356,23 +365,24 @@ void register_header_check(const unsigned int offset, const void *value, const u
/*@
@ requires \valid(files_enable);
- @ decreases 0;
@*/
file_stat_t * init_file_stats(file_enable_t *files_enable);
/*@
@ requires \valid(file_recovery);
@ requires valid_file_recovery(file_recovery);
+ @ requires buffer_size < 1<<30;
@ requires \valid_read((char *)buffer+(0..buffer_size-1));
- @ requires new_ext==\null || valid_read_string(new_ext);
+ @ requires new_ext==\null || (valid_read_string(new_ext) && strlen(new_ext) < 1<<30);
@ ensures valid_file_recovery(file_recovery);
@*/
int file_rename(file_recovery_t *file_recovery, const void *buffer, const int buffer_size, const int offset, const char *new_ext, const int force_ext);
/*@
@ requires \valid(file_recovery);
- @ requires new_ext==\null || valid_read_string(new_ext);
+ @ requires new_ext==\null || (valid_read_string(new_ext) && strlen(new_ext) < 1<<30);
@ requires valid_file_recovery(file_recovery);
+ @ requires buffer_size < 1<<30;
@ requires \valid_read((char *)buffer+(0..buffer_size-1));
@ ensures valid_file_recovery(file_recovery);
@*/