<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Incorrect destination buffer size calculation for strlcat"
href="https://bugs.llvm.org/show_bug.cgi?id=37687">37687</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Incorrect destination buffer size calculation for strlcat
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Static Analyzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dcoughlin@apple.com
</td>
</tr>
<tr>
<th>Reporter</th>
<td>edwin.mons@isode.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=20396" name="attach_20396" title="Additional test for bsd-string.cpp">attachment 20396</a></span>
Additional test for bsd-string.cpp

I noticed a lot of analyzer noise on a scan-build run after an upgrade to a
recent Clang trunk build, all complaining about strlcat, and all look like they
are false positives. In short, it will complain about strlcat(dest, src,
sizeof(dest)), which according to the BSD manuals is a correct way to use this
function. I suspect size is checked as if it concerned strncat. An addition
to the check-clang-analyzer test suite is attached.

I reproduced this on Debian 9 using clang trunk (checked out using git, commit
e6a11c7e15). I don't think this is platform-specific.</pre>
</div>
</p>
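<p>The difference in size-argument contracts that the report points to, as an added example (not the attached test and not Clang's code). <code>my_strlcat</code> is a hypothetical stand-in that follows the BSD <code>strlcat</code> contract, and the 8-byte buffer and strings are constructed.</p>

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with the BSD strlcat contract: `size` is the FULL
 * size of dst; the return value is the length it tried to create. */
static size_t my_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src);

    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)               /* dst not terminated within size */
        return size + slen;
    size_t room = size - dlen - 1;  /* bytes free before the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;             /* >= size means truncation */
}

/* strlcat-style call: pass sizeof(dest), the pattern from the report. */
static size_t cat_strlcat_style(char *out8, const char *src)
{
    char dest[8] = "abc";           /* constructed sample buffer */
    size_t r = my_strlcat(dest, src, sizeof(dest));
    memcpy(out8, dest, sizeof(dest));
    return r;
}

/* strncat: the third argument is the maximum number of bytes to APPEND,
 * so the caller subtracts what is already used, plus one for the NUL. */
static size_t cat_strncat_style(char *out8, const char *src)
{
    char dest[8] = "abc";
    strncat(dest, src, sizeof(dest) - strlen(dest) - 1);
    memcpy(out8, dest, sizeof(dest));
    return strlen(dest);
}

int main(void)
{
    char a[8], b[8];
    size_t r = cat_strlcat_style(a, "defghij");
    cat_strncat_style(b, "defghij");
    printf("strlcat-style: \"%s\" wanted=%zu truncated=%d\n", a, r, r >= sizeof(a));
    printf("strncat-style: \"%s\"\n", b);
    return 0;
}
```

<p>Both calls stay inside the 8-byte buffer; a checker that applies the <code>strncat</code> bound to the <code>strlcat</code> call would flag the first one even though it is in bounds.</p>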
</body>
</html>