[PATCH] D45050: [clang-tidy] New checker for not null-terminated result caused by strlen or wcslen
Csaba Dabis via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed May 30 09:08:03 PDT 2018
Charusso added a comment.
In https://reviews.llvm.org/D45050#1116361, @xbolva00 wrote:
> memcpy(crypt_buf, passwd, passwd_len); <--- warning
> memcpy(crypt_buf + passwd_len, salt, salt_len);
>
> This is a false warning since it appends strings using memcpy. But no idea what to do and if it is possible to avoid these false warnings.
I have just tested it because of the `malloc()` function. I'm using CodeChecker and leaved the default settings, so `IsSafeFunctionsAreAvailable = 1`. Because of the malloc `strncpy_s()` cannot handle this case, but if the check would ran with `IsSafeFunctionsAreAvailable = 0`, it rewrites it to `strncpy(crypt_buf, passwd, passwd_len + 1)` which is a good transformation, as the official `memcpy()`'s result not null-terminated.
https://reviews.llvm.org/D45050
More information about the cfe-commits
mailing list