[PATCH] D43928: [analyzer] Correctly measure array size in security.insecureAPI.strcpy

AndrĂ¡s Leitereg via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Mar 2 06:22:41 PST 2018


leanil added inline comments.


================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:517
     if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) {
-      uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8;
+      auto ArraySize = BR.getContext().getTypeSizeInChars(Array).getQuantity();
       if (const auto *String = dyn_cast<StringLiteral>(Source)) {
----------------
NoQ wrote:
> I suggest not using `auto` here, because it makes it harder to understand integer promotions (potential overflows or sign extensions) in the comparison.
That's true. Should it be `CharUnits::QuantityType` then?


https://reviews.llvm.org/D43928





More information about the cfe-commits mailing list