[all-commits] [llvm/llvm-project] 1bd2d3: [analyzer][CStringChecker] Adjust the invalidation...

Mon Jul 3 01:15:22 PDT 2023

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 1bd2d335b649f2e09d7e4bdd0b92c78489ded022
      https://github.com/llvm/llvm-project/commit/1bd2d335b649f2e09d7e4bdd0b92c78489ded022
  Author: Ella Ma <alansnape3058 at gmail.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    M clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
    M clang/test/Analysis/Inputs/system-header-simulator.h
    A clang/test/Analysis/issue-55019.cpp
    M clang/test/Analysis/pr22954.c

  Log Message:
  -----------
  [analyzer][CStringChecker] Adjust the invalidation operation on the super region of the destination buffer during string copy

Fixing GitHub issue: https://github.com/llvm/llvm-project/issues/55019
Following the previous fix https://reviews.llvm.org/D12571 on issue https://github.com/llvm/llvm-project/issues/23328

The two issues report false memory leaks after calling string-copy APIs with a buffer field in an object as the destination.
The buffer invalidation incorrectly drops the assignment to a heap memory block when no overflow problems happen.
And the pointer of the dropped assignment is declared in the same object of the destination buffer.

The previous fix only considers the `memcpy` functions whose copy length is available from arguments.
In this issue, the copy length is inferable from the buffer declaration and string literals being copied.
Therefore, I have adjusted the previous fix to reuse the copy length computed before.

Besides, for APIs that never overflow (strsep) or we never know whether they can overflow (std::copy),
new invalidation operations have been introduced to inform CStringChecker::InvalidateBuffer whether or not to
invalidate the super region that encompasses the destination buffer.

Reviewed By: steakhal

Differential Revision: https://reviews.llvm.org/D152435