[PATCH] D69813: [analyzer][WIP] CERTStrChecker: Model gets()

Artem Dergachev via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 4 11:44:39 PST 2019


NoQ added inline comments.


================
Comment at: clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp:124
+  if (const SymbolicRegion *SR = DestMR->getSymbolicBase())
+    if (const Expr *SizeExpr = getDynamicSizeExpr(C.getState(), SR))
+      return exprToStr(SizeExpr, C);
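Review bot: In `return exprToStr(SizeExpr, C);` the size is handed back as the source text of the allocation's size expression, and nothing in these lines checks that the text still denotes the same value wherever the string ends up being used. If it is pasted into code at a later program point, a variable named in the expression may have been modified or gone out of scope by then. Consider limiting this path to expressions that are stable by construction, or documenting the limitation beside the nested `if`s. Also state what is returned when `getSymbolicBase()` or `getDynamicSizeExpr()` yields null, since that fall-through is not visible in the hunk.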
----------------
Again, you will have to highlight the allocation site with a note. Therefore you will have to write a bug visitor that traverses the size expression at some point (or, equivalently, a note tag when the size expression is evaluated). Therefore you don't need to store the expression in the program state.


================
Comment at: clang/test/Analysis/cert/str31-alloc.cpp:42
+  // expected-warning at -1 {{'gets' could write outside of 'buf3'}}
+  // CHECK-FIXES: if (gets_s(buf3 + 1, sizeof(buf3))) {}
+}
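Review bot: The `CHECK-FIXES` line pins `gets_s(buf3 + 1, sizeof(buf3))` as the expected output, so the test passes while the suggested size ignores the `+ 1` offset applied to the destination. The size argument has to shrink by the same amount the pointer advances (`sizeof(buf3) - 1` here). A second case with a different offset would show that the fix-it subtracts the offset in general rather than being right for a single value. The declaration of `buf3` is not in the visible lines; if it is a pointer rather than an array, `sizeof(buf3)` is the pointer size and the expectation needs a separate look.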
----------------
The fix is not correct. It should be `sizeof(buf3) - 1`, otherwise you still have a buffer overflow.


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D69813/new/

https://reviews.llvm.org/D69813




