[PATCH] D69813: [analyzer][WIP] CERTStrChecker: Model gets()
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 4 11:54:11 PST 2019
NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp:184
+ if (IsFix) {
+ if (Optional<std::string> SizeStr = getSizeExprAsString(Call, CallC, C)) {
+ renameFunctionFix(UseSafeFunctions ? "gets_s" : "fgets", Call, *Report);
----------------
Also, which is probably more important, you will never be able to provide a fixit for the malloced memory case, because there may be multiple execution paths that reach the current point with different size expressions (in fact, not necessarily all of them are malloced).
Eg.:
```lang=c
char *x = 0;
char y[10];
if (coin()) {
x = malloc(20);
} else {
x = y;
}
gets(x);
```
If you suggest replacing `gets(x)` with `gets_s(x, 20)`, you'll still have a buffer overflow on the else-branch on which `x` points to an array of 10 bytes.
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D69813/new/
https://reviews.llvm.org/D69813
More information about the cfe-commits
mailing list