[PATCH] D47007: [Sanitizer] CStringChecker fix for strlcpy when no bytes are copied to the dest buffer
David CARLIER via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu May 17 02:37:25 PDT 2018
devnexen created this revision.
devnexen added reviewers: NoQ, george.karpenkov.
devnexen created this object with visibility "All Users".
Herald added a subscriber: cfe-commits.
Again, strlc* does not return a pointer, so the zero-size case does not fit.
Repository:
rC Clang
https://reviews.llvm.org/D47007
Files:
lib/StaticAnalyzer/Checkers/CStringChecker.cpp
test/Analysis/bsd-string.c
Index: test/Analysis/bsd-string.c
===================================================================
--- test/Analysis/bsd-string.c
+++ test/Analysis/bsd-string.c
@@ -38,3 +38,8 @@
size_t len = strlcat(buf, "defg", 4);
clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}
}
+
+int f7() {
+ char buf[8];
+ return strlcpy(buf, "1234567", 0); // no-crash
+}
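Review bot: f7 only checks that the analyzer does not crash on the zero-size call; it never asserts the value the checker now binds as the result, so a wrong bound value would still pass. Follow the pattern of the preceding test (`size_t len = strlcat(buf, "defg", 4);` followed by `clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}`) and assert the result here too: strlcpy returns the length of the source string regardless of the size argument, so `strlcpy(buf, "1234567", 0)` should evaluate to 7. The `// no-crash` comment can stay next to the eval.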
Index: lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -1652,7 +1652,11 @@
// If the size is known to be zero, we're done.
if (StateZeroSize && !StateNonZeroSize) {
- StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, DstVal);
+ if (returnPtr) {
+ StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, DstVal);
+ } else {
+ StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, *lenValNL);
+ }
C.addTransition(StateZeroSize);
return;
}
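Review bot: the else branch binds `*lenValNL` as the call's value, but in this state that is the size argument that was just assumed to be zero (see the comment above the if), so strlcpy's result is modelled as 0. strlcpy returns strlen(src) no matter how small the size is, and the BSD strlcat with a zero size likewise returns strlen(src) because it cannot look past the bound to find the end of dst; bind the value the checker already computes for the length of src rather than the bound, otherwise a `clang_analyzer_eval(len == 7)` on the zero-size test would come out FALSE. Also, the hunk dereferences `lenValNL` with no visible check that the Optional holds a value; if the enclosing condition does not already guarantee that, guard the dereference.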