diff options
author | Christophe Grenier <[email protected]> | 2023-10-08 14:00:23 +0200 |
---|---|---|
committer | Christophe Grenier <[email protected]> | 2023-10-08 14:00:23 +0200 |
commit | 0fdbc689159d76539feb7ef29b9b3ef2a11636ef (patch) | |
tree | 942df430cb27dbb91db5832abdafb83ca3023572 /src/filegen.h | |
parent | b05dfc200bd125a04eddfac301f7b629858035cf (diff) |
src/filegen.c: improve Frama-C annotations
Diffstat (limited to 'src/filegen.h')
-rw-r--r-- | src/filegen.h | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/filegen.h b/src/filegen.h index 2051b882..373a9363 100644 --- a/src/filegen.h +++ b/src/filegen.h @@ -39,6 +39,8 @@ extern "C" { #define PHOTOREC_MAX_SIZE_32 (((uint64_t)1<<31)-1) #define PHOTOREC_MAX_SIG_OFFSET 65535 #define PHOTOREC_MAX_SIG_SIZE 4095 +/* TODO: Support blocksize up to 32 MB */ +#define PHOTOREC_MAX_BLOCKSIZE 32*1024*1024 typedef enum { DC_SCAN=0, DC_CONTINUE=1, DC_STOP=2, DC_ERROR=3} data_check_t; typedef struct file_hint_struct file_hint_t; @@ -144,6 +146,7 @@ typedef struct predicate valid_file_stat(file_stat_t *file_stat) = (\valid_read(file_stat) && valid_file_hint(file_stat->file_hint)); predicate valid_file_recovery(file_recovery_t *file_recovery) = (\valid_read(file_recovery) && + strlen((const char*)file_recovery->filename) < 1<<30 && valid_read_string((const char *)file_recovery->filename) && (file_recovery->file_stat == \null || valid_file_stat(file_recovery->file_stat)) && (file_recovery->handle == \null || \valid(file_recovery->handle)) && @@ -195,11 +198,13 @@ typedef struct predicate valid_data_check_param(unsigned char *buffer, unsigned int buffer_size, file_recovery_t *file_recovery) = ( buffer_size > 0 && (buffer_size&1)==0 && + buffer_size <= 2 * PHOTOREC_MAX_BLOCKSIZE && \valid_read(buffer+(0..buffer_size-1)) && \initialized(buffer+(0..buffer_size-1)) && \valid(file_recovery) && valid_file_recovery(file_recovery) && file_recovery->calculated_file_size <= PHOTOREC_MAX_FILE_SIZE && + file_recovery->file_size <= PHOTOREC_MAX_FILE_SIZE && \separated(buffer + (..), file_recovery) ); @@ -238,9 +243,11 @@ void file_allow_nl(file_recovery_t *file_recovery, const unsigned int nl_mode); /*@ @ requires \valid(handle); + @ requires offset < 0x8000000000000000; @ requires 0 < footer_length <4096; @ requires \valid_read((char *)footer+(0..footer_length-1)); @ requires \separated(handle, (char *)footer + (..), &errno, &Frama_C_entropy_source); + @ ensures \result < 0x8000000000000000; @ assigns *handle, errno, Frama_C_entropy_source; @*/ uint64_t file_rsearch(FILE *handle, uint64_t offset, const void*footer, const unsigned int footer_length); @@ -250,6 +257,8 @@ uint64_t file_rsearch(FILE *handle, uint64_t offset, const void*footer, const un @ requires \valid_read((char *)footer+(0..footer_length-1)); @ requires \separated(file_recovery, file_recovery->handle, file_recovery->extension, &errno, &Frama_C_entropy_source); @ requires valid_file_check_param(file_recovery); + @ requires extra_length <= PHOTOREC_MAX_FILE_SIZE; + @ requires file_recovery->file_size < 0x8000000000000000; @ ensures valid_file_check_result(file_recovery); @ assigns *file_recovery->handle, errno, file_recovery->file_size; @ assigns Frama_C_entropy_source; @@ -356,23 +365,24 @@ void register_header_check(const unsigned int offset, const void *value, const u /*@ @ requires \valid(files_enable); - @ decreases 0; @*/ file_stat_t * init_file_stats(file_enable_t *files_enable); /*@ @ requires \valid(file_recovery); @ requires valid_file_recovery(file_recovery); + @ requires buffer_size < 1<<30; @ requires \valid_read((char *)buffer+(0..buffer_size-1)); - @ requires new_ext==\null || valid_read_string(new_ext); + @ requires new_ext==\null || (valid_read_string(new_ext) && strlen(new_ext) < 1<<30); @ ensures valid_file_recovery(file_recovery); @*/ int file_rename(file_recovery_t *file_recovery, const void *buffer, const int buffer_size, const int offset, const char *new_ext, const int force_ext); /*@ @ requires \valid(file_recovery); - @ requires new_ext==\null || valid_read_string(new_ext); + @ requires new_ext==\null || (valid_read_string(new_ext) && strlen(new_ext) < 1<<30); @ requires valid_file_recovery(file_recovery); + @ requires buffer_size < 1<<30; @ requires \valid_read((char *)buffer+(0..buffer_size-1)); @ ensures valid_file_recovery(file_recovery); @*/ |