[PATCH] [static analyzer] Emit buffer overflow warning in strcpy function when uninitialized source array of known length (> dest length) is used
Mayur Pandey
mayur.p at samsung.com
Wed Oct 29 06:14:44 PDT 2014
Hi Arthur,
Thanks for reviewing the patch and providing valuable comments. Actually, what I meant by an uninitialized source array was a source array which does not contain a proper string or is not properly null-terminated, so I probably need to change the commit message. The test case that would appropriately test the patch would be:
char x[10] = "abcd";
char y[100];
memset(y, 'a', 100);
strcpy(x, y); // string overflow warning
when we execute the same code we get segmentation fault:
$ cat strcpy3.c
#include<string.h>
int main ()
{
char x[10] = "abcd";
char y[100] ;
memset(y,'a',100);
strcpy(x,y);
return 0;
}
$ clang strcpy3.c
$ ./a.out
Segmentation fault (core dumped)
$
And the behaviour in test cases you mentioned would be:
char x[3] = "abc";
char y[4] = "ab";
strcpy(x,y); // this will not throw a warning as it fits fine into x
char x[3] = "abc";
char y[4];
strcpy(x,y); // as you pointed out correctly, this would throw use-before-def for y (I had not enabled the alpha checker earlier, so I was getting the overflow warning)
char x[3] = "abc";
char y[100];
strcpy(y, x); // the patch does not handle this, as per your comments. On checking the behaviour with clang, this does not seem to be a buffer overflow, I might be wrong though.
Please review.
Thanks,
Mayur
http://reviews.llvm.org/D6012
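As an added illustration (not part of the patch or of Mayur's mail), the following C replays the three strcpy cases from this thread through a hypothetical bounds-checked helper, `checked_strcpy`, which refuses to copy when no terminator lies inside the source array's declared size or when the string plus terminator would not fit the destination:

```c
#include <string.h>

/* Hypothetical bounded copy that tolerates a source with no terminator
 * inside its declared size. Returns 0 on success, -1 if the copy would
 * read past src or write past dest. Not part of the reviewed patch. */
int checked_strcpy(char *dest, size_t dest_len, const char *src, size_t src_len)
{
    /* memchr never looks beyond src_len, so an unterminated source is safe here. */
    const char *nul = memchr(src, '\0', src_len);
    if (nul == NULL) {
        /* No terminator within the source array: strcpy would read past it. */
        return -1;
    }
    size_t n = (size_t)(nul - src);
    if (n + 1 > dest_len) {
        /* Terminated but too long for dest: strcpy would write past dest. */
        return -1;
    }
    memcpy(dest, src, n + 1);
    return 0;
}

/* Replays the three cases discussed in the thread. Returns a bitmask with
 * bit (i-1) set when case i was rejected by checked_strcpy. */
int run_cases(void)
{
    int rejected = 0;

    /* Case 1: y is filled with 'a' and never terminated -> rejected. */
    char x1[10] = "abcd";
    char y1[100];
    memset(y1, 'a', sizeof y1);
    if (checked_strcpy(x1, sizeof x1, y1, sizeof y1) != 0) rejected |= 1;

    /* Case 2: "ab" plus terminator is 3 bytes and fits x exactly -> accepted. */
    char x2[3] = "abc";
    char y2[4] = "ab";
    if (checked_strcpy(x2, sizeof x2, y2, sizeof y2) != 0) rejected |= 2;

    /* Case 3: x holds "abc" with no terminator in its 3 bytes -> rejected,
     * even though dest is large, because the read side is unbounded. */
    char x3[3] = "abc";
    char y3[100];
    if (checked_strcpy(y3, sizeof y3, x3, sizeof x3) != 0) rejected |= 4;

    return rejected;
}
```

Cases 1 and 3 are rejected for the same reason (no terminator inside the source array), which is exactly the condition the analyzer check has to reason about before it can say whether the destination is large enough.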