[clang] ee073c7 - [analyzer][StdLibraryFunctionsChecker] Fix typos in summaries of mmap and mmap64
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 30 09:07:06 PST 2020
Author: Balazs Benics
Date: 2020-11-30T18:06:28+01:00
New Revision: ee073c798515e56b23463391a7b40d5ee6527337
URL: https://github.com/llvm/llvm-project/commit/ee073c798515e56b23463391a7b40d5ee6527337
DIFF: https://github.com/llvm/llvm-project/commit/ee073c798515e56b23463391a7b40d5ee6527337.diff
LOG: [analyzer][StdLibraryFunctionsChecker] Fix typos in summaries of mmap and mmap64
The fd parameter of
```
void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset)
```
should be constrained to the range [0, IntMax] as that is of type int.
Constraining to the range [0, Off_tMax] would result in a crash as that is
of a signed type with the value of 0xff..f (-1).
The crash would happen when we try to apply the arg constraints.
At line 583: assert(Min <= Max), as 0 <= -1 is not satisfied
The mmap64 is fixed for the same reason.
Reviewed By: martong, vsavchenko
Differential Revision: https://reviews.llvm.org/D92307
Added:
clang/test/Analysis/std-c-library-posix-crash.c
Modified:
clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
Removed:
################################################################################
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index 10011effe039..f8eafde3218d 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -1722,7 +1722,6 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
"ftello", Signature(ArgTypes{FilePtrTy}, RetType{Off_tTy}),
Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));
- Optional<RangeInt> Off_tMax = getMaxValue(Off_tTy);
// void *mmap(void *addr, size_t length, int prot, int flags, int fd,
// off_t offset);
addToFunctionSummaryMap(
@@ -1732,10 +1731,9 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint(
- ArgumentCondition(4, WithinRange, Range(0, Off_tMax))));
+ ArgumentCondition(4, WithinRange, Range(0, IntMax))));
Optional<QualType> Off64_tTy = lookupTy("off64_t");
- Optional<RangeInt> Off64_tMax = getMaxValue(Off_tTy);
// void *mmap64(void *addr, size_t length, int prot, int flags, int fd,
// off64_t offset);
addToFunctionSummaryMap(
@@ -1745,7 +1743,7 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
Summary(NoEvalCall)
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint(
- ArgumentCondition(4, WithinRange, Range(0, Off64_tMax))));
+ ArgumentCondition(4, WithinRange, Range(0, IntMax))));
// int pipe(int fildes[2]);
addToFunctionSummaryMap(
diff --git a/clang/test/Analysis/std-c-library-posix-crash.c b/clang/test/Analysis/std-c-library-posix-crash.c
new file mode 100644
index 000000000000..23321d548d6d
--- /dev/null
+++ b/clang/test/Analysis/std-c-library-posix-crash.c
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=core,apiModeling.StdCLibraryFunctions \
+// RUN: -analyzer-config apiModeling.StdCLibraryFunctions:ModelPOSIX=true \
+// RUN: -verify %s
+//
+// expected-no-diagnostics
+
+typedef long off_t;
+typedef long long off64_t;
+typedef unsigned long size_t;
+
+void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset);
+void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t offset);
+
+void test(long len) {
+ mmap(0, len, 2, 1, 0, 0); // no-crash
+ mmap64(0, len, 2, 1, 0, 0); // no-crash
+}
More information about the cfe-commits
mailing list