r353583 - [analyzer] CStringSyntaxChecks: Fix an off-by-one error in the strlcat() check.

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Fri Feb 8 15:59:52 PST 2019


Author: dergachev
Date: Fri Feb  8 15:59:52 2019
New Revision: 353583

URL: http://llvm.org/viewvc/llvm-project?rev=353583&view=rev
Log:
[analyzer] CStringSyntaxChecks: Fix an off-by-one error in the strlcat() check.

Both strlcat and strlcpy cut off their safe bound for the argument value
at sizeof(destination). There's no need to subtract 1 in only one
of these cases.

Differential Revision: https://reviews.llvm.org/D57981

rdar://problem/47873212

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
    cfe/trunk/test/Analysis/cstring-syntax.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp?rev=353583&r1=353582&r2=353583&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp Fri Feb  8 15:59:52 2019
@@ -153,8 +153,6 @@ bool WalkAST::containsBadStrncatPattern(
 bool WalkAST::containsBadStrlcpyStrlcatPattern(const CallExpr *CE) {
   if (CE->getNumArgs() != 3)
     return false;
-  const FunctionDecl *FD = CE->getDirectCallee();
-  bool Append = CheckerContext::isCLibraryFunction(FD, "strlcat");
   const Expr *DstArg = CE->getArg(0);
   const Expr *LenArg = CE->getArg(2);
 
@@ -194,13 +192,8 @@ bool WalkAST::containsBadStrlcpyStrlcatP
         ASTContext &C = BR.getContext();
         uint64_t BufferLen = C.getTypeSize(Buffer) / 8;
         auto RemainingBufferLen = BufferLen - DstOff;
-        if (Append) {
-          if (RemainingBufferLen <= ILRawVal)
-            return true;
-        } else {
-          if (RemainingBufferLen < ILRawVal)
-            return true;
-        }
+        if (RemainingBufferLen < ILRawVal)
+          return true;
       }
     }
   }
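Review bot: `BufferLen - DstOff` can wrap when the destination offset is larger than the array, in which case the simplified `RemainingBufferLen < ILRawVal` comparison sees a huge remaining length and stays silent on a call whose destination already lies past the buffer. `BufferLen` is `uint64_t` in this hunk; `DstOff` is declared outside it and is presumably unsigned as well, so this should be confirmed against the declaration. Guarding the subtraction closes the gap: `if (DstOff > BufferLen || BufferLen - DstOff < ILRawVal) return true;`. Separately, `C.getTypeSize(Buffer) / 8` hard-codes the bits-per-byte, and `C.getTypeSizeInChars(Buffer).getQuantity()` states the intent directly. The function body starts and ends outside the hunk.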

Modified: cfe/trunk/test/Analysis/cstring-syntax.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/cstring-syntax.c?rev=353583&r1=353582&r2=353583&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/cstring-syntax.c (original)
+++ cfe/trunk/test/Analysis/cstring-syntax.c Fri Feb  8 15:59:52 2019
@@ -33,6 +33,7 @@ void testStrlcpy(const char *src) {
   strlcpy(dest, src, ulen);
   strlcpy(dest + 5, src, 5);
   strlcpy(dest + 5, src, 10); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}
+  strlcpy(dest, "aaaaaaaaaaaaaaa", 10); // no-warning
 }
 
 void testStrlcat(const char *src) {
@@ -51,4 +52,5 @@ void testStrlcat(const char *src) {
   strlcat(dest, src, ulen);
   strlcpy(dest, src, 5);
   strlcat(dest + 5, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}
+  strlcat(dest, "aaaaaaaaaaaaaaa", 10); // no-warning
 }
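Review bot: The corrected boundary is pinned only for an un-offset destination by `strlcat(dest, "aaaaaaaaaaaaaaa", 10); // no-warning`, while the comparison that changed in the checker also applies to the remaining length after `dest + N`. The visible lines of testStrlcat exercise an offset destination only through `badlen`, so a literal boundary case such as `strlcat(dest + 5, src, 5); // no-warning` would keep the off-by-one from returning on that path; this assumes dest is 10 bytes, and its declaration is outside the hunk. The comment would also carry more if it said why the case is safe, for example `// no-warning: 10 == sizeof(dest) is still a safe bound`. The strlcpy line added to testStrlcpy uses the same bare literal.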



