[PATCH] D150430: Implement BufferOverlap check for sprint/snprintf
Arnaud Bienner via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sun May 14 11:54:48 PDT 2023
ArnaudBienner updated this revision to Diff 522019.
ArnaudBienner added a comment.
Updating D150430 <https://reviews.llvm.org/D150430>: Implement BufferOverlap check for sprint/snprintf
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D150430/new/
https://reviews.llvm.org/D150430
Files:
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
clang/test/Analysis/buffer-overlap.c
Index: clang/test/Analysis/buffer-overlap.c
===================================================================
--- clang/test/Analysis/buffer-overlap.c
+++ clang/test/Analysis/buffer-overlap.c
@@ -45,6 +45,16 @@
sprintf(a, "%d/%s", 1, a); // expected-warning{{overlapping}}
}
+void test_sprintf2() {
+ char a[4] = {0};
+ sprintf(a, "%s", a); // expected-warning{{overlapping}}
+}
+
+void test_sprintf3() {
+ char a[4] = {0};
+ sprintf(a, "%s/%s", a, a); // expected-warning{{overlapping}}
+}
+
void test_snprintf1() {
char a[4] = {0};
snprintf(a, sizeof(a), "%d/%s", 1, a); // expected-warning{{overlapping}}
@@ -54,3 +64,13 @@
char a[4] = {0};
snprintf(a+1, sizeof(a)-1, "%d/%s", 1, a); // expected-warning{{overlapping}}
}
+
+void test_snprintf3() {
+ char a[4] = {0};
+ snprintf(a, sizeof(a), "%s", a); // expected-warning{{overlapping}}
+}
+
+void test_snprintf4() {
+ char a[4] = {0};
+ snprintf(a, sizeof(a), "%s/%s", a, a); // expected-warning{{overlapping}}
+}
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -2380,9 +2380,9 @@
// Check that the source and destination do not overlap.
// Iterate over CE->getNumArgs(), skipping all parameters which are not format
// arguments
- // For sprintf case, it starts at index 3:
+ // For sprintf case, it starts at position 3/index 2:
// sprintf(char *buffer, const char* format, ... /* format arguments */);
- unsigned int format_arguments_start_idx = 3;
+ unsigned int format_arguments_start_idx = 2;
// snprintf case: one extra extra arguments for size
// int snprintf(char *buffer, size_t bufsz, const char *format,
// ... /* format arguments */);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D150430.522019.patch
Type: text/x-patch
Size: 1867 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230514/a2d0a197/attachment-0001.bin>
More information about the cfe-commits
mailing list