authorAndrey Konovalov <andreyknvl@google.com>2017-01-18 19:38:41 +0100
committerAndrey Konovalov <andreyknvl@google.com>2017-01-19 20:46:26 +0100
commit8625843eebe2785991094745197d5412be294527 (patch)
treeb24dff0365dd2a560e46b50c8ea4f7539e8d2112
parent828afa57275a7d0131ab3959da6ab9c6e61a9072 (diff)
prog: fix calculating parent length in struct with bitfields
-rw-r--r--prog/analysis.go4
-rw-r--r--prog/size_test.go4
-rw-r--r--sys/test.txt14
3 files changed, 21 insertions, 1 deletions
diff --git a/prog/analysis.go b/prog/analysis.go
index 8500a80f2..99f947df2 100644
--- a/prog/analysis.go
+++ b/prog/analysis.go
@@ -175,7 +175,9 @@ func assignSizes(args []*Arg) {
argsMap := make(map[string]*Arg)
var parentSize uintptr
for _, arg := range args {
- parentSize += arg.Size()
+ if arg.Type.BitfieldLength() == 0 || arg.Type.BitfieldLast() {
+ parentSize += arg.Size()
+ }
if sys.IsPad(arg.Type) {
continue
}
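Review bot: The guard added in the `for _, arg := range args` loop has no comment explaining why a bitfield arg is skipped unless it is the last of its group, and the condition alone does not make that obvious. I would add above it `// Bitfields packed into one storage unit are counted once, when the last field of the group is reached.` The sum is only right if every bitfield group has exactly one member for which `BitfieldLast()` returns true, including a group that ends the struct. That is set up outside this hunk and worth confirming, because a short `parentSize` ends up in the generated `len[parent]` values. assignSizes begins before and continues after the hunk.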
diff --git a/prog/size_test.go b/prog/size_test.go
index c257eae31..d5aaaaf12 100644
--- a/prog/size_test.go
+++ b/prog/size_test.go
@@ -106,6 +106,10 @@ func TestAssignSize(t *testing.T) {
"syz_test$length16(&(0x7f0000000000)={[0x42, 0x42], 0xff, 0xff, 0xff, 0xff, 0xff})",
"syz_test$length16(&(0x7f0000000000)={[0x42, 0x42], 0x2, 0x10, 0x8, 0x4, 0x2})",
},
+ {
+ "syz_test$length17(&(0x7f0000000000)={{0x42, 0x42, 0x42, 0xff}, 0xff, 0xff})",
+ "syz_test$length17(&(0x7f0000000000)={{0x42, 0x42, 0x42, 0x8}, 0x8, 0x8})",
+ },
}
for i, test := range tests {
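Review bot: The new `syz_test$length17` case covers only one bitfield group followed by a non-bitfield field, so the `BitfieldLast()` branch is exercised in a single arrangement. A second case with a struct that ends in a bitfield group, or with two adjacent groups, would pin the parent length where the last-of-group marker is most likely to be wrong. It would need matching descriptions in `sys/test.txt`. TestAssignSize starts before and continues after the hunk.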
diff --git a/sys/test.txt b/sys/test.txt
index 65415dd41..e883d9a76 100644
--- a/sys/test.txt
+++ b/sys/test.txt
@@ -182,6 +182,7 @@ syz_test$length14(a0 ptr[inout, syz_length_large_struct], a1 ptr[inout, len[a0,
syz_test$length15(a0 int16, a1 len[a0])
syz_test$length16(a0 ptr[in, syz_length_bytesize_struct])
+syz_test$length17(a0 ptr[in, syz_length_bf_struct])
syz_length_flags = 0, 1
@@ -262,6 +263,19 @@ syz_length_bytesize_struct {
f5 bytesize8[f0, int8]
}
+syz_length_bf_struct_inner {
+ f0 int32:10
+ f1 int32:10
+ f2 int32:10
+ f4 len[parent, int32]
+}
+
+syz_length_bf_struct {
+ f0 syz_length_bf_struct_inner
+ f1 len[f0, int8]
+ f2 bytesize[f0, int8]
+}
+
# Big endian
syz_test$end0(a0 ptr[in, syz_end_int_struct])