[cfe-commits] r132607 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/CStringChecker.cpp test/Analysis/bstring.c

Jordy Rose jediknil at belkadan.com
Fri Jun 3 17:04:22 PDT 2011 

Author: jrose
Date: Fri Jun  3 19:04:22 2011
New Revision: 132607

URL: http://llvm.org/viewvc/llvm-project?rev=132607&view=rev
Log:
[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
    cfe/trunk/test/Analysis/bstring.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp?rev=132607&r1=132606&r2=132607&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp Fri Jun  3 19:04:22 2011
@@ -713,16 +713,13 @@
   // If the size is zero, there won't be any actual memory access, so
   // just bind the return value to the destination buffer and return.
   if (stateZeroSize) {
+    stateZeroSize = stateZeroSize->BindExpr(CE, destVal);
     C.addTransition(stateZeroSize);
-    if (IsMempcpy)
-      state->BindExpr(CE, destVal);
-    else
-      state->BindExpr(CE, sizeVal);
-    return;
   }
 
   // If the size can be nonzero, we have to check the other arguments.
   if (stateNonZeroSize) {
+    state = stateNonZeroSize;
 
     // Ensure the destination is not null. If it is NULL there will be a
     // NULL pointer dereference.

Modified: cfe/trunk/test/Analysis/bstring.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/bstring.c?rev=132607&r1=132606&r2=132607&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/bstring.c (original)
+++ cfe/trunk/test/Analysis/bstring.c Fri Jun  3 19:04:22 2011
@@ -136,6 +136,18 @@
   memcpy(a, 0, 0); // no-warning
 }
 
+void memcpy_unknown_size (size_t n) {
+  char a[4], b[4] = {1};
+  if (memcpy(a, b, n) != a)
+    (void)*(char*)0; // no-warning
+}
+
+void memcpy_unknown_size_warn (size_t n) {
+  char a[4];
+  if (memcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to byte string function}}
+    (void)*(char*)0; // no-warning
+}
+
 //===----------------------------------------------------------------------===
 // mempcpy()
 //===----------------------------------------------------------------------===
@@ -246,6 +258,12 @@
   mempcpy(a, 0, 0); // no-warning
 }
 
+void mempcpy_unknown_size_warn (size_t n) {
+  char a[4];
+  if (mempcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to byte string function}}
+    (void)*(char*)0; // no-warning
+}
+
 //===----------------------------------------------------------------------===
 // memmove()
 //===----------------------------------------------------------------------===

More information about the cfe-commits mailing list