[PATCH] D129269: [analyzer] Fix use of length in CStringChecker
Vince Bridgers via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Jul 11 08:39:35 PDT 2022
vabridgers updated this revision to Diff 443658.
vabridgers edited the summary of this revision.
vabridgers added a comment.
update per comments from @martong
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D129269/new/
https://reviews.llvm.org/D129269
Files:
clang/docs/analyzer/checkers.rst
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
clang/test/Analysis/string.c
Index: clang/test/Analysis/string.c
===================================================================
--- clang/test/Analysis/string.c
+++ clang/test/Analysis/string.c
@@ -1652,3 +1652,18 @@
__builtin___memset_chk(&x, 0, sizeof(x), __builtin_object_size(&x, 0));
clang_analyzer_eval(x == 0); // expected-warning{{TRUE}}
}
+
+#ifndef SUPPRESS_OUT_OF_BOUND
+void strcpy_no_overflow_2(char *y) {
+ char x[3];
+ // FIXME: string literal modeling does not account for embedded NULLs.
+ // This case should not elicit a warning, but does.
+ // See discussion at https://reviews.llvm.org/D129269
+ strcpy(x, "12\0"); // expected-warning{{String copy function overflows the destination buffer}}
+}
+#else
+void strcpy_no_overflow_2(char *y) {
+ char x[3];
+ strcpy(x, "12\0");
+}
+#endif
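Review bot: The expected-warning on the strcpy line locks the known false positive into the test suite, so a future fix of the embedded-NUL modeling will turn this test red rather than green; consider checking this case in with the warning line commented out and a `// FIXME` on its own, or splitting the false-positive assertion into a separate test that can be flipped when string-literal modeling improves. Also, the parameter `char *y` is unused in both branches of the `#ifndef SUPPRESS_OUT_OF_BOUND` conditional and could be dropped, and the two branches duplicate the body; a single function with the `// expected-warning` only under the `#ifndef` would be shorter. Finally, for a narrow literal like `"12\0"` the byte length and the character length coincide, so this test does not actually exercise the `getByteLength()` to `getLength()` change in CStringChecker.cpp; a literal whose element size is larger than one byte (for example a wide-character literal) would distinguish the two.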
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -848,7 +848,7 @@
SValBuilder &svalBuilder = C.getSValBuilder();
QualType sizeTy = svalBuilder.getContext().getSizeType();
const StringLiteral *strLit = cast<StringRegion>(MR)->getStringLiteral();
- return svalBuilder.makeIntVal(strLit->getByteLength(), sizeTy);
+ return svalBuilder.makeIntVal(strLit->getLength(), sizeTy);
}
case MemRegion::SymbolicRegionKind:
case MemRegion::AllocaRegionKind:
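Review bot: A one-line comment above the `return` would help future readers, since the difference between `getLength()` (number of characters in the literal) and `getByteLength()` (number of bytes, which differs for literals with a multi-byte character width) is easy to miss and the choice here determines what the checker reports as the string's length. It is also worth stating in that comment that the value is the literal's full character count rather than the length up to the first embedded NUL, which is exactly the limitation the new test in string.c and the docs change describe; tying the two together at the source makes the FIXME easier to find when someone later models embedded NULs properly.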
Index: clang/docs/analyzer/checkers.rst
===================================================================
--- clang/docs/analyzer/checkers.rst
+++ clang/docs/analyzer/checkers.rst
@@ -2726,6 +2726,9 @@
""""""""""""""""""""""""""""""""""
Check for out-of-bounds access in string functions; applies to:`` strncopy, strncat``.
+This check also applies to string literals, except there is a known bug in that
+the analyzer cannot detect embedded NULL characters.
+
.. code-block:: c
void test() {
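Review bot: "There is a known bug" reads oddly in user-facing reference docs; a neutral statement of the limitation and its effect on the user is more useful, e.g. "The check also applies to string literals. The analyzer does not currently account for embedded NUL characters inside a literal, so a copy that fits only because the literal contains an early terminator may be reported as an overflow." Please also write "NUL" rather than "NULL" for the character, since NULL is the null pointer constant and the distinction matters in a checker description. The added text follows the previous line without a blank line, so in reStructuredText it is rendered as a continuation of the "applies to" sentence; a blank line between them would give the new note its own paragraph. As a drive-by, the context line above spells the function "strncopy" and has the backticks placed so the trailing literal renders with stray spaces; if you touch this paragraph anyway, correcting it to ``strncpy, strncat`` would be welcome.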
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D129269.443658.patch
Type: text/x-patch
Size: 1985 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20220711/591faff1/attachment.bin>