[PATCH] D66049: [analyzer] PR41729: Fix some false positives and improve strlcat and strlcpy modeling

Daniel Krupp via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Oct 9 09:50:30 PDT 2019


dkrupp added a comment.

I also analyzed openssl with the baseline and this version, but did not find any new warnings.
See:
http://codechecker-demo.eastus.cloudapp.azure.com/Default/#run=D66049_baseline&newcheck=D66049_improved&review-status=Unreviewed&review-status=Confirmed&detection-status=New&detection-status=Reopened&detection-status=Unresolved&tab=D66049_baseline_diff_D66049_improved



================
Comment at: lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1580
 
   // If the function is strncpy, strncat, etc... it is bounded.
   if (isBounded) {
----------------
Szelethus wrote:
> Ah, okay, so the assumption is that bounded functions' third argument is always a numerical size parameter. Why isn't that enforced at all?
How should we enforce this?


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D66049/new/

https://reviews.llvm.org/D66049




