[PATCH] D129269: [analyzer] Fix use of length in CStringChecker
Vince Bridgers via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 7 18:11:18 PDT 2022
vabridgers updated this revision to Diff 443101.
vabridgers added a comment.
A proposal to handle the embedded-null case caught by @steakhal.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D129269/new/
https://reviews.llvm.org/D129269
Files:
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
clang/test/Analysis/string.c
Index: clang/test/Analysis/string.c
===================================================================
--- clang/test/Analysis/string.c
+++ clang/test/Analysis/string.c
@@ -1652,3 +1652,8 @@
__builtin___memset_chk(&x, 0, sizeof(x), __builtin_object_size(&x, 0));
clang_analyzer_eval(x == 0); // expected-warning{{TRUE}}
}
+
+void strcpy_no_overflow_2(char *y) {
+ char x[3];
+ strcpy(x, "12\0");
+}
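Review bot: `strcpy_no_overflow_2` has no expectation marker and only covers a NUL as the last explicit character of the literal, so what it guards is not obvious. Mark the call with `// no-warning` on the `strcpy(x, "12\0");` line and drop the unused `char *y` parameter. A case with characters after the embedded NUL, such as `strcpy(x, "12\0abc");` into the same `char x[3]`, would exercise the truncation more directly. A companion case where the prefix before the NUL is still too long for the destination, with the matching `expected-warning`, would pin that stopping at the NUL does not suppress a genuine overflow report.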
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -848,7 +848,15 @@
SValBuilder &svalBuilder = C.getSValBuilder();
QualType sizeTy = svalBuilder.getContext().getSizeType();
const StringLiteral *strLit = cast<StringRegion>(MR)->getStringLiteral();
- return svalBuilder.makeIntVal(strLit->getByteLength(), sizeTy);
+ unsigned countx = 0;
+ // get the number of string literal characters by the target's "code unit"
+ // size, checking for an embedded literal of 0 up to the string literal's
+ // length.
+ for (countx = 0;
+ countx < strLit->getLength() && (strLit->getCodeUnit(countx) != 0);
+ countx++)
+ ;
+ return svalBuilder.makeIntVal(countx, sizeTy);
}
case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind:
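Review bot: The returned value changes unit as well as stopping at the first NUL: `getByteLength()` counted bytes, while the loop bounded by `countx < strLit->getLength()` counts code units, so a literal with a code unit wider than one byte now yields a smaller number than before. Whether callers compare this length against a byte-sized destination extent is not visible in the hunk; if they do, the smaller value could hide an overflow report for wide literals, so either scale by `strLit->getCharByteWidth()` or state the unit explicitly in the comment. The loop initialises `countx` twice and has an empty body; `unsigned Len = 0; while (Len < strLit->getLength() && strLit->getCodeUnit(Len) != 0) ++Len;` says the same thing more plainly. The enclosing function starts and ends outside the hunk.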
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D129269.443101.patch
Type: text/x-patch
Size: 1398 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20220708/16a9cf6a/attachment-0001.bin>