r333060 - [analyzer] CStringChecker fix for strlcpy when no bytes are copied to the dest buffer

David Carlier via cfe-commits cfe-commits at lists.llvm.org
Tue May 22 21:38:25 PDT 2018


Author: devnexen
Date: Tue May 22 21:38:25 2018
New Revision: 333060

URL: http://llvm.org/viewvc/llvm-project?rev=333060&view=rev
Log:
[analyzer] CStringChecker fix for strlcpy when no bytes are copied to the dest buffer

Again, strlc* does not return a pointer so the zero size case does not fit.

Reviewers: NoQ, george.karpenkov

Reviewed by: NoQ

Differential Revision: https://reviews.llvm.org/D47007

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
    cfe/trunk/test/Analysis/bsd-string.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp?rev=333060&r1=333059&r2=333060&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp Tue May 22 21:38:25 2018
@@ -1652,7 +1652,11 @@ void CStringChecker::evalStrcpyCommon(Ch
 
         // If the size is known to be zero, we're done.
         if (StateZeroSize && !StateNonZeroSize) {
-          StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, DstVal);
+          if (returnPtr) {
+            StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, DstVal);
+          } else {
+            StateZeroSize = StateZeroSize->BindExpr(CE, LCtx, *lenValNL);
+          }
           C.addTransition(StateZeroSize);
           return;
         }
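Review bot: the new else branch binds the call expression to `*lenValNL`, which is the wrong return value if, as the zero-size check above suggests, lenValNL is the size argument. That value is already known to be zero on this path, so the analyzer will model strlcpy(dst, src, 0) as returning 0. strlcpy returns the length of the source string regardless of the size passed, so later checks that use the return value to detect truncation would reason from the wrong number. Consider binding the source string length here instead, with a separate case for strlcat, whose result also depends on the destination. The dereference also assumes lenValNL holds a value; nothing in the visible lines establishes that, so a guard or an assert before `*lenValNL` would make the invariant explicit.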

Modified: cfe/trunk/test/Analysis/bsd-string.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/bsd-string.c?rev=333060&r1=333059&r2=333060&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/bsd-string.c (original)
+++ cfe/trunk/test/Analysis/bsd-string.c Tue May 22 21:38:25 2018
@@ -38,3 +38,8 @@ void f6() {
   size_t len = strlcat(buf, "defg", 4);
   clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}
 }
+
+int f7() {
+  char buf[8];
+  return strlcpy(buf, "1234567", 0); // no-crash
+}
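Review bot: f7 only verifies that the analyzer does not crash on the zero-size call; it does not pin down the value modelled for the return. f6 just above stores the result in a size_t and checks it with clang_analyzer_eval, and the same pattern here (assign the strlcpy result to a size_t and evaluate it against the expected length of "1234567") would catch a wrong binding in the zero-size path. Returning the result through `int f7()` also narrows a size_t to int, which is unnecessary for the test; a void function matching f6 would be cleaner.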
