[PATCH] D45050: [clang-tidy] New checker for not null-terminated result caused by strlen or wcslen

Dávid Bolvanský via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed May 30 09:14:21 PDT 2018


xbolva00 added a comment.

In https://reviews.llvm.org/D45050#1116396, @Charusso wrote:

> In https://reviews.llvm.org/D45050#1116361, @xbolva00 wrote:
>
> > memcpy(crypt_buf, passwd, passwd_len); <--- warning
> >  memcpy(crypt_buf + passwd_len, salt, salt_len);
> >
> > This is a false warning since it appends strings using memcpy. But no idea what to do and if it is possible to avoid these false warnings.
>
>
> I have just tested it because of the `malloc()` function. I'm using CodeChecker and leaved the default settings, so `IsSafeFunctionsAreAvailable = 1`. Because of the malloc `strncpy_s()` cannot handle this case, but if the check would ran with `IsSafeFunctionsAreAvailable = 0`, it rewrites it to `strncpy(crypt_buf, passwd, passwd_len + 1)` which is a good transformation, as the official `memcpy()`'s result not null-terminated.


Yeah, it is a valid recommendation.


https://reviews.llvm.org/D45050





More information about the cfe-commits mailing list