[PATCH] D45050: [clang-tidy] New checker for not null-terminated result caused by strlen or wcslen
Csaba Dabis via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Apr 24 16:28:12 PDT 2018
Charusso added a comment.
In https://reviews.llvm.org/D45050#1071897, @xbolva00 wrote:
> Shouldn't it catch in curl also this code?
>
> urllen = strlen(url_clone);
>
> ....
>
> memcpy(newest, url_clone, urllen);
>
> Edit: if possible, report these bugs to project developers :)
Thanks for your idea @xbolva00, I will implement this feature, but currently I have problems with parens which cause ugly fix-its. After the review I will share the results with the devs.
In https://reviews.llvm.org/D45050#1071926, @xbolva00 wrote:
> Another idea if you want to implement it - check fopen.
>
> FILE *f = fopen("file", "r"); // read only
> fputs("str", f); // we are writing -> boom, sigsegv or something like that.
Thanks for your sharing but I think I will move forward to Static Analyzer with my own projects.
https://reviews.llvm.org/D45050
More information about the cfe-commits
mailing list