r359237 - [analyzer] Add FIXMEs for alpha.unix.cstring.OutOfBounds false positives.
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Thu Apr 25 13:30:15 PDT 2019
Author: dergachev
Date: Thu Apr 25 13:30:14 2019
New Revision: 359237
URL: http://llvm.org/viewvc/llvm-project?rev=359237&view=rev
Log:
[analyzer] Add FIXMEs for alpha.unix.cstring.OutOfBounds false positives.
Caused by incorrect strlcat() modeling in r332303,
cf. https://bugs.llvm.org/show_bug.cgi?id=37687#c8
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
cfe/trunk/test/Analysis/bsd-string.c
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp?rev=359237&r1=359236&r2=359237&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/CStringChecker.cpp Thu Apr 25 13:30:14 2019
@@ -1528,6 +1528,10 @@ void CStringChecker::evalStrlcat(Checker
if (CE->getNumArgs() < 3)
return;
+ // FIXME: strlcat() uses a different rule for bound checking, i.e. 'n' means
+ // a different thing as compared to strncat(). This currently causes
+ // false positives in the alpha string bound checker.
+
//char *strlcat(char *s1, const char *s2, size_t n);
evalStrcpyCommon(C, CE,
/* returnEnd = */ false,
Modified: cfe/trunk/test/Analysis/bsd-string.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/bsd-string.c?rev=359237&r1=359236&r2=359237&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/bsd-string.c (original)
+++ cfe/trunk/test/Analysis/bsd-string.c Thu Apr 25 13:30:14 2019
@@ -15,6 +15,7 @@ void f1() {
void f2() {
char buf[5];
strlcpy(buf, "abcd", sizeof(buf)); // expected-no-warning
+ // FIXME: This should not warn. The string is safely truncated.
strlcat(buf, "efgh", sizeof(buf)); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
}
More information about the cfe-commits
mailing list