[PATCH] D43928: [analyzer] Correctly measure array size in security.insecureAPI.strcpy
AndrĂ¡s Leitereg via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Mar 2 06:22:41 PST 2018
leanil added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:517
if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) {
- uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8;
+ auto ArraySize = BR.getContext().getTypeSizeInChars(Array).getQuantity();
if (const auto *String = dyn_cast<StringLiteral>(Source)) {
----------------
NoQ wrote:
> I suggest not using `auto` here, because it makes it harder to understand integer promotions (potential overflows or sign extensions) in the comparison.
That's true. Should it be `CharUnits::QuantityType` then?
https://reviews.llvm.org/D43928
More information about the cfe-commits
mailing list