[PATCH] D43928: [analyzer] Correctly measure array size in security.insecureAPI.strcpy
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 1 09:20:09 PST 2018
NoQ added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:517
if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) {
- uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8;
+ auto ArraySize = BR.getContext().getTypeSizeInChars(Array).getQuantity();
if (const auto *String = dyn_cast<StringLiteral>(Source)) {
----------------
I suggest not using `auto` here, because it makes it harder to understand integer promotions (potential overflows or sign extensions) in the comparison.
https://reviews.llvm.org/D43928
More information about the cfe-commits
mailing list