[Patch] Fix for Static Analyzer bug PR16558

Karthik Bhat blitz.opensource at gmail.com
Mon Aug 12 07:28:43 PDT 2013


Hi All,
Please find the patch to fix PR16558. The problem is discussed at
http://llvm.org/bugs/show_bug.cgi?id=16558.

Patch:
http://llvm-reviews.chandlerc.com/D1362

Please let me know your inputs on the same.


Test Case-

//RUN: %clang_cc1 -analyze -analyzer-checker=core,unix -verify %s

typedef typeof(sizeof(int)) size_t;
extern void* malloc (size_t size);
size_t strlen(const char *s);
char *strcpy(char *restrict s1, const char *restrict s2);

// Wrapper whose size == 0 branch is unreachable from dupstrNoWarn (len + 1 is
// at least 1), so the returned buffer is always `size` bytes and the copy
// below must not warn.
void *smallocNoWarn(size_t size) {
    if (size == 0) {
        return malloc(1); // this branch is never called
    } else {
        return malloc(size);
    }
}

char *dupstrNoWarn(const char *s) {
    const int len = strlen(s);
    char *p = (char*) smallocNoWarn(len + 1);
    strcpy(p, s); // no-warning
    return p;
}

// Wrapper that under-allocates when asked for 2 bytes (a one-character string
// plus its NUL): strcpy of such a string into the result overflows by one byte.
void *smallocWarn(size_t size) {
    if (size == 2) {
        return malloc(1);
    } else {
        return malloc(size);
    }
}

char *dupstrWarn(const char *s) {
    const int len = strlen(s);
    char *p = (char*) smallocWarn(len + 1);
    strcpy(p, s); // expected-warning{{String copy function overflows destination buffer}}
    return p;
}

// Both branches hand back a 1-byte buffer when size == 1.
void *smallocWarnZeroLenString(size_t size) {
    if (size == 1) {
        return malloc(1);
    } else {
        return malloc(size);
    }
}

char *dupstrWarnZeroLenString(const char *s) {
    // len is taken from "" rather than from s, so the buffer is 1 byte while
    // s (of unknown length) is what gets copied into it.
    const int len = strlen("");
    // Calls the helper defined just above (the posted test called smallocWarn
    // here, which left smallocWarnZeroLenString unused; both yield 1 byte).
    char *p = (char*) smallocWarnZeroLenString(len + 1);
    strcpy(p, s); // TODO: Should warn here!
    return p;
}

Thanks
Karthik Bhat
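The test case above asks the analyzer to reason symbolically about a size that passes through a wrapper before reaching strcpy. The following is an added example, not part of Karthik's patch or of LLVM: it does the same reasoning concretely for the `size == 2` wrapper (mirrored here as `smalloc_bytes`), shows which inputs actually overflow and which do not, and places a hardened copy beside it. The helper names `smalloc_bytes`, `copy_would_overflow`, `dupstr_checked` and `strcpy_bounded` are invented for this example.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/* Mirror of the test case's smallocWarn: asked for 2 bytes it hands back 1.
 * Constructed for this example; returns the byte count it would allocate. */
static size_t smalloc_bytes(size_t size) {
    return size == 2 ? 1 : size;
}

/* Concrete version of what the checker must derive symbolically across the
 * call: would `strcpy(smalloc(strlen(s) + 1), s)` overflow?  The copy writes
 * strlen(s) + 1 bytes (NUL included).  Returns 1 on overflow, else 0.
 * Nothing is written; this only compares sizes. */
int copy_would_overflow(const char *s) {
    size_t needed = strlen(s) + 1;
    size_t allocated = smalloc_bytes(needed);
    return needed > allocated;
}

/* Hardened duplicate: size_t throughout (the test's `const int len` narrows
 * a size_t), exactly strlen + 1 bytes, and no wrapper that can shrink the
 * request.  Caller frees.  Returns NULL on allocation failure. */
char *dupstr_checked(const char *s) {
    size_t needed = strlen(s) + 1;
    char *p = malloc(needed);
    if (p == NULL)
        return NULL;
    memcpy(p, s, needed); /* bounded by `needed`, copies the NUL too */
    return p;
}

/* Runtime guard for the unsafe pattern: the caller states the destination
 * capacity and the copy is refused rather than overflowing.
 * Returns 0 on success, -1 if the source (plus NUL) does not fit. */
int strcpy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t needed = strlen(src) + 1;
    if (needed > dst_size)
        return -1;
    memcpy(dst, src, needed);
    return 0;
}

int main(void) {
    /* "a" needs 2 bytes and the wrapper returns 1: the warning case. */
    assert(copy_would_overflow("a") == 1);
    /* "" needs 1 byte and "ab" needs 3; the wrapper passes those through. */
    assert(copy_would_overflow("") == 0);
    assert(copy_would_overflow("ab") == 0);

    char buf[1];
    assert(strcpy_bounded(buf, sizeof buf, "a") == -1);
    assert(strcpy_bounded(buf, sizeof buf, "") == 0);

    char *d = dupstr_checked("hello");
    assert(d != NULL && strcmp(d, "hello") == 0);
    free(d);
    return 0;
}
```

Only the one-character input trips `copy_would_overflow`, which is exactly why the analyzer has to follow the concrete size into the wrapper's branches rather than treat the returned allocation as unknown.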