[clang] [clang][analyzer] Move checker alpha.unix.StdCLibraryFunctions out of alpha. (PR #66207)
via cfe-commits
cfe-commits at lists.llvm.org
Tue Sep 19 07:52:29 PDT 2023
================
@@ -1026,6 +1026,100 @@ Check for null pointers being passed as arguments to C string functions:
return strlen(0); // warn
}
+.. _unix-StdCLibraryFunctions:
+
+unix.StdCLibraryFunctions (C)
+"""""""""""""""""""""""""""""""""""
+Check for calls of standard library functions that violate predefined argument
+constraints. For example, it is stated in the C standard that for the ``int
+isalnum(int ch)`` function the behavior is undefined if the value of ``ch`` is
+not representable as unsigned char and is not equal to ``EOF``.
+
+.. code-block:: c
+
+ #define EOF -1
+ void test_alnum_concrete(int v) {
+ int ret = isalnum(256); // \
+ // warning: Function argument outside of allowed range
+ (void)ret;
+ }
+
+ void buffer_size_violation(FILE *file) {
+ enum { BUFFER_SIZE = 1024 };
+ wchar_t wbuf[BUFFER_SIZE];
+
+ const size_t size = sizeof(*wbuf); // 4
+ const size_t nitems = sizeof(wbuf); // 4096
+
+ // Below we receive a warning because the 3rd parameter should be the
+ // number of elements to read, not the size in bytes. This case is a known
+ // vulnerability described by the ARR38-C SEI-CERT rule.
+ fread(wbuf, size, nitems, file);
+ }
+
+You can think of this checker as defining restrictions (pre- and postconditions)
+on standard library functions. Preconditions are checked, and when they are
+violated, a warning is emitted. Post conditions are added to the analysis, e.g.
+that the return value must be no greater than 255.
----------------
DonatNagyE wrote:
"the return value" of what? I think a function name is missing here.
https://github.com/llvm/llvm-project/pull/66207
More information about the cfe-commits
mailing list