<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - False positive on strcpy targeting struct member"
   href="https://bugs.llvm.org/show_bug.cgi?id=39792">39792</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>False positive on strcpy targeting struct member
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>7.0
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Windows 2000
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>pasa@strusoft.hu
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The code below is correctly silent on the first strcpy but warns on the second.
It should be silenced whenever the target is large enough to contain the string
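literal regardless of where the target is located.


#include &lt;string.h&gt;

void f()
{
  // Local array: the checker stays silent here.
  char s1[100];
  strcpy(s1, "hello");

  // Same-sized array as a struct member: the checker warns here.
  struct S {char s1[100];};
  S s;
  strcpy(s.s1, "hello");
}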

 warning: Call to function 'strcpy' is insecure as it does not provide bounding
of the memory buffer. Replace unbounded copy functions with analogous functions
that support length arguments such as 'strlcpy'. CWE-119
[clang-analyzer-security.insecureAPI.strcpy]
  strcpy(s.s1, "hello");
  ^</pre>
        </div>
      </p>
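      <p>Added example, not part of the original report and not clang or LLVM code: a bounded copy that makes the "target is large enough for the literal" property from the report explicit, by checking it at compile time for both a local array and a struct member. It never calls <code>strcpy</code>. The names <code>COPY_LITERAL</code>, <code>copy_bounded</code> and the <code>demo_*</code> functions are hypothetical.</p>

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical macro: copy a string literal into a fixed-size char array.
   sizeof(lit) includes the terminating NUL. dst must be an array, not a
   pointer, otherwise sizeof(dst) is the pointer size. */
#define COPY_LITERAL(dst, lit)                                        \
    do {                                                              \
        _Static_assert(sizeof(lit) <= sizeof(dst),                    \
                       "string literal does not fit in destination"); \
        memcpy((dst), (lit), sizeof(lit));                            \
    } while (0)

struct S { char s1[100]; };

/* Runtime counterpart for non-literal sources. Returns 0 on success and
   -1 if src was truncated or dst_size is 0. dst is NUL-terminated
   whenever dst_size > 0. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Mirrors f() from the report: same literal, local array and member. */
static int demo_literal_copies(void)
{
    char s1[100];
    struct S s;
    COPY_LITERAL(s1, "hello");
    COPY_LITERAL(s.s1, "hello");
    return strcmp(s1, "hello") == 0 && strcmp(s.s1, "hello") == 0;
}

/* Constructed case: a 4-byte member cannot hold "hello". */
static int demo_truncation(void)
{
    struct { char name[4]; } small;
    int rc = copy_bounded(small.name, sizeof small.name, "hello");
    return rc == -1 && strcmp(small.name, "hel") == 0;
}

int main(void) { return (demo_literal_copies() && demo_truncation()) ? 0 : 1; }
```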


    </body>
</html>