[cfe-commits] [PATCH] review request - strcmp/strcasecmp security checker

Joerg Sonnenberger joerg at britannica.bec.de
Wed Apr 6 17:58:25 PDT 2011

On Thu, Apr 07, 2011 at 01:13:16AM +0200, pageexec at freemail.hu wrote:
> On 7 Apr 2011 at 0:59, Joerg Sonnenberger wrote:
> > On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote:
> > > Add security syntax checker for strcmp() and strcasecmp() which causes
> > > the Static Analyzer to generate a warning any time the strcmp()
> > > function is used with a note suggesting to use a function which
> > > provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.
> > 
> > Sorry, but this sounds completely wrong.
> i raised the issue already last week but got no response....
> http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20110328/040517.html

There is one important difference here -- strcpy requires NUL
termination of the input + size restriction of the output to work
properly. strcmp() only requires both input arguments to be properly NUL

A useful analyzer check for string operations would try to ensure that
property and complain about cases where it can't be deducted with
reasonable precision. This can be tricky, e.g. the following is
perfectly safe:

int f(const char *s);
	char buf[4];
	size_t l = strlen(s);
	if (l < 4) return -1;
	memcpy(buf, s + l - 3, 4);
	return strcmp(s, buf);


More information about the cfe-commits mailing list