[cfe-commits] [PATCH] review request - strcmp/strcasecmp security checker

Joerg Sonnenberger joerg at britannica.bec.de
Wed Apr 6 15:59:42 PDT 2011


On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote:
> Add security syntax checker for strcmp() and strcasecmp() which causes
> the Static Analyzer to generate a warning any time the strcmp()
> function is used with a note suggesting to use a function which
> provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.

Sorry, but this sounds completely wrong.

> +void test_strcmp() {
> +  char x[4];
> +  char *y;
> +
> +  strcmp(x, y); //expected-warning{{Call to function 'strcmp' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strncmp'. CWE-119.}}
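
Review bot: in test_strcmp the expected diagnostic tells the user to "Replace unbounded copy functions", but strcmp compares two strings and writes to neither, so the wording should say comparison functions instead. The case also passes `x` and `y` without giving either any contents, so it exercises an uninitialised read rather than anything about bounding; initialise both operands. Since the description says the warning fires on every use of strcmp, add a case with two terminated string literals so that behaviour is recorded in the test.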

This warning is bogus. It is using uninitialised memory. The warning
also only makes sense at all if there is a code path that doesn't ensure
0-termination. IMO this is doing the reverse of what is sane and as such
just producing noise without finding the real problems like use of
strcmp after strncpy.

Joerg
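
The pattern the reply names as the real problem, strcmp after strncpy, shown as an added example that is not part of the original message or patch. All function names are hypothetical and the inputs are constructed; the unterminated buffer is only inspected with memchr, never passed to strcmp.

```c
#include <stdio.h>
#include <string.h>

/* All function names below are hypothetical, chosen for this example. */

/* 1 if buf[0..size) holds a NUL terminator, 0 otherwise. */
static int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* The risky pattern: strncpy() writes no terminator when
 * strlen(src) >= size, so a later strcmp(dst, ...) would run off the end. */
static void copy_unterminated(char *dst, size_t size, const char *src) {
    strncpy(dst, src, size);
}

/* Always terminates. Returns 0 on full copy, 1 on truncation, -1 if size is 0. */
static int copy_terminated(char *dst, size_t size, const char *src) {
    size_t len = strlen(src);
    if (size == 0)
        return -1;
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* strcmp() only after proving termination: 1 equal, 0 different, -1 refused. */
static int checked_equal(const char *buf, size_t size, const char *s) {
    if (!is_terminated(buf, size))
        return -1;
    return strcmp(buf, s) == 0;
}

int main(void) {
    char a[4], b[4];                           /* constructed sample input */
    int truncated;
    copy_unterminated(a, sizeof a, "root");    /* 4 chars, no room for NUL */
    printf("strncpy:  terminated=%d equal=%d\n",
           is_terminated(a, sizeof a), checked_equal(a, sizeof a, "root"));
    truncated = copy_terminated(b, sizeof b, "root");
    printf("hardened: truncated=%d equal=%d\n",
           truncated, checked_equal(b, sizeof b, "roo"));
    return 0;
}
```

The truncation return code matters as much as the terminator: a silently shortened "roo" comparing equal to something is its own bug.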


