r178371 - Sema: Warn on sizeof on binary ops on decayed arrays.
Benjamin Kramer
benny.kra at googlemail.com
Fri Mar 29 14:43:21 PDT 2013
Author: d0k
Date: Fri Mar 29 16:43:21 2013
New Revision: 178371
URL: http://llvm.org/viewvc/llvm-project?rev=178371&view=rev
Log:
Sema: Warn on sizeof on binary ops on decayed arrays.
The array will decay into a pointer, creating an unexpected result.
sizeof(array + int) is an easy to make typo for sizeof(array) + int.
This was motivated by a NetBSD security bug, used sizeof(key - r) instead of
sizeof(key) - r, reducing entropy in a random number generator.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/subr_cprng.c.diff?r1=1.14&r2=1.15&only_with_tag=MAIN&f=h
Differential Revision: http://llvm-reviews.chandlerc.com/D571
Added:
cfe/trunk/test/Sema/warn-sizeof-array-decay.c
Modified:
cfe/trunk/include/clang/Basic/DiagnosticGroups.td
cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td
cfe/trunk/lib/Sema/SemaExpr.cpp
cfe/trunk/test/Sema/expr-comma-c99.c
cfe/trunk/test/Sema/expr-comma.c
Modified: cfe/trunk/include/clang/Basic/DiagnosticGroups.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/DiagnosticGroups.td?rev=178371&r1=178370&r2=178371&view=diff
==============================================================================
--- cfe/trunk/include/clang/Basic/DiagnosticGroups.td (original)
+++ cfe/trunk/include/clang/Basic/DiagnosticGroups.td Fri Mar 29 16:43:21 2013
@@ -215,6 +215,7 @@ def : DiagGroup<"stack-protector">;
def : DiagGroup<"switch-default">;
def : DiagGroup<"synth">;
def SizeofArrayArgument : DiagGroup<"sizeof-array-argument">;
+def SizeofArrayDecay : DiagGroup<"sizeof-array-decay">;
def SizeofPointerMemaccess : DiagGroup<"sizeof-pointer-memaccess">;
def StaticInInline : DiagGroup<"static-in-inline">;
def GNUStaticFloatInit : DiagGroup<"gnu-static-float-init">;
@@ -421,6 +422,7 @@ def Most : DiagGroup<"most", [
ReturnType,
SelfAssignment,
SizeofArrayArgument,
+ SizeofArrayDecay,
StringPlusInt,
Trigraphs,
Uninitialized,
Modified: cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td?rev=178371&r1=178370&r2=178371&view=diff
==============================================================================
--- cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td (original)
+++ cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td Fri Mar 29 16:43:21 2013
@@ -4033,6 +4033,10 @@ def warn_sizeof_array_param : Warning<
"sizeof on array function parameter will return size of %0 instead of %1">,
InGroup<SizeofArrayArgument>;
+def warn_sizeof_array_decay : Warning<
+ "sizeof on pointer operation will return size of %0 instead of %1">,
+ InGroup<SizeofArrayDecay>;
+
def err_sizeof_nonfragile_interface : Error<
"application of '%select{alignof|sizeof}1' to interface %0 is "
"not supported on this architecture and platform">;
Modified: cfe/trunk/lib/Sema/SemaExpr.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaExpr.cpp?rev=178371&r1=178370&r2=178371&view=diff
==============================================================================
--- cfe/trunk/lib/Sema/SemaExpr.cpp (original)
+++ cfe/trunk/lib/Sema/SemaExpr.cpp Fri Mar 29 16:43:21 2013
@@ -3089,6 +3089,24 @@ static bool CheckObjCTraitOperandConstra
return false;
}
+/// \brief Check whether E is a pointer from a decayed array type (the decayed
+/// pointer type is equal to T) and emit a warning if it is.
+static void warnOnSizeofOnArrayDecay(Sema &S, SourceLocation Loc, QualType T,
+ Expr *E) {
+ // Don't warn if the operation changed the type.
+ if (T != E->getType())
+ return;
+
+ // Now look for array decays.
+ ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(E);
+ if (!ICE || ICE->getCastKind() != CK_ArrayToPointerDecay)
+ return;
+
+ S.Diag(Loc, diag::warn_sizeof_array_decay) << ICE->getSourceRange()
+ << ICE->getType()
+ << ICE->getSubExpr()->getType();
+}
+
/// \brief Check the constrains on expression operands to unary type expression
/// and type traits.
///
@@ -3142,6 +3160,16 @@ bool Sema::CheckUnaryExprOrTypeTraitOper
}
}
}
+
+ // Warn on "sizeof(array op x)" and "sizeof(x op array)", where the array
+ // decays into a pointer and returns an unintended result. This is most
+ // likely a typo for "sizeof(array) op x".
+ if (BinaryOperator *BO = dyn_cast<BinaryOperator>(E->IgnoreParens())) {
+ warnOnSizeofOnArrayDecay(*this, BO->getOperatorLoc(), BO->getType(),
+ BO->getLHS());
+ warnOnSizeofOnArrayDecay(*this, BO->getOperatorLoc(), BO->getType(),
+ BO->getRHS());
+ }
}
return false;
Modified: cfe/trunk/test/Sema/expr-comma-c99.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Sema/expr-comma-c99.c?rev=178371&r1=178370&r2=178371&view=diff
==============================================================================
--- cfe/trunk/test/Sema/expr-comma-c99.c (original)
+++ cfe/trunk/test/Sema/expr-comma-c99.c Fri Mar 29 16:43:21 2013
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 %s -fsyntax-only -verify -std=c99
+// RUN: %clang_cc1 %s -fsyntax-only -verify -std=c99 -Wno-sizeof-array-decay
// expected-no-diagnostics
// rdar://6095180
Modified: cfe/trunk/test/Sema/expr-comma.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Sema/expr-comma.c?rev=178371&r1=178370&r2=178371&view=diff
==============================================================================
--- cfe/trunk/test/Sema/expr-comma.c (original)
+++ cfe/trunk/test/Sema/expr-comma.c Fri Mar 29 16:43:21 2013
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 %s -fsyntax-only -verify -std=c89
+// RUN: %clang_cc1 %s -fsyntax-only -verify -std=c89 -Wno-sizeof-array-decay
// expected-no-diagnostics
// rdar://6095180
Added: cfe/trunk/test/Sema/warn-sizeof-array-decay.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Sema/warn-sizeof-array-decay.c?rev=178371&view=auto
==============================================================================
--- cfe/trunk/test/Sema/warn-sizeof-array-decay.c (added)
+++ cfe/trunk/test/Sema/warn-sizeof-array-decay.c Fri Mar 29 16:43:21 2013
@@ -0,0 +1,18 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+void f(int x) {
+ char foo[10];
+ int bar[20];
+ char qux[30];
+
+ (void)sizeof(bar + 10); // expected-warning{{sizeof on pointer operation will return size of 'int *' instead of 'int [20]'}}
+ (void)sizeof(foo - 20); // expected-warning{{sizeof on pointer operation will return size of 'char *' instead of 'char [10]'}}
+ (void)sizeof(bar - x); // expected-warning{{sizeof on pointer operation will return size of 'int *' instead of 'int [20]'}}
+ (void)sizeof(foo + x); // expected-warning{{sizeof on pointer operation will return size of 'char *' instead of 'char [10]'}}
+
+ // This is ptrdiff_t.
+ (void)sizeof(foo - qux); // no-warning
+
+ (void)sizeof(foo, x); // no-warning
+ (void)sizeof(x, foo); // expected-warning{{sizeof on pointer operation will return size of 'char *' instead of 'char [10]'}}
+}
More information about the cfe-commits
mailing list