[PATCH] D150430: Implement BufferOverlap check for sprint/snprintf

Arnaud Bienner via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sun May 14 11:54:48 PDT 2023 

ArnaudBienner updated this revision to Diff 522019.
ArnaudBienner added a comment.

Updating D150430 <https://reviews.llvm.org/D150430>: Implement BufferOverlap check for sprint/snprintf


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D150430/new/

https://reviews.llvm.org/D150430

Files:
  clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
  clang/test/Analysis/buffer-overlap.c


Index: clang/test/Analysis/buffer-overlap.c
===================================================================
--- clang/test/Analysis/buffer-overlap.c
+++ clang/test/Analysis/buffer-overlap.c
@@ -45,6 +45,16 @@
   sprintf(a, "%d/%s", 1, a); // expected-warning{{overlapping}}
 }
 
+void test_sprintf2() {
+  char a[4] = {0};
+  sprintf(a, "%s", a); // expected-warning{{overlapping}}
+}
+
+void test_sprintf3() {
+  char a[4] = {0};
+  sprintf(a, "%s/%s", a, a); // expected-warning{{overlapping}}
+}
+
 void test_snprintf1() {
   char a[4] = {0};
   snprintf(a, sizeof(a), "%d/%s", 1, a); // expected-warning{{overlapping}}
@@ -54,3 +64,13 @@
   char a[4] = {0};
   snprintf(a+1, sizeof(a)-1, "%d/%s", 1, a); // expected-warning{{overlapping}}
 }
+
+void test_snprintf3() {
+  char a[4] = {0};
+  snprintf(a, sizeof(a), "%s", a); // expected-warning{{overlapping}}
+}
+
+void test_snprintf4() {
+  char a[4] = {0};
+  snprintf(a, sizeof(a), "%s/%s", a, a); // expected-warning{{overlapping}}
+}
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -2380,9 +2380,9 @@
   // Check that the source and destination do not overlap.
   // Iterate over CE->getNumArgs(), skipping all parameters which are not format
   // arguments
-  // For sprintf case, it starts at index 3:
+  // For sprintf case, it starts at position 3/index 2:
   // sprintf(char *buffer, const char* format, ... /* format arguments */);
-  unsigned int format_arguments_start_idx = 3;
+  unsigned int format_arguments_start_idx = 2;
   // snprintf case: one extra extra arguments for size
   // int snprintf(char *buffer, size_t bufsz, const char *format,
   //              ... /* format arguments */);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D150430.522019.patch
Type: text/x-patch
Size: 1867 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230514/a2d0a197/attachment-0001.bin>

More information about the cfe-commits mailing list