[clang] [clang][analyzer] Support `fgets` in the SteamChecker (PR #73638)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Wed Jan 24 07:44:32 PST 2024
================
@@ -778,42 +781,61 @@ void StreamChecker::evalFgetc(const FnDescription *Desc, const CallEvent &Call,
assertStreamStateOpened(OldSS);
----------------
steakhal wrote:
At first glance you should be right. However, when I tried it, it didn't break any tests but this one.
I presume there must be something else going on that prevents escaping the stream pointer.
I've not checked.
Alternatively what I did was this:
```c++
[[nodiscard]] static ProgramStateRef
escapeArgsAfterIndex(ProgramStateRef State, CheckerContext &C,
const CallEvent &Call, unsigned FirstEscapingArgIndex) {
const auto *CE = Call.getOriginExpr();
assert(CE);
if (Call.getNumArgs() <= FirstEscapingArgIndex)
return State;
SmallVector<SVal> EscapingArgs;
EscapingArgs.reserve(Call.getNumArgs() - FirstEscapingArgIndex);
for (auto EscArgIdx :
llvm::seq<int>(FirstEscapingArgIndex, Call.getNumArgs()))
EscapingArgs.push_back(Call.getArgSVal(EscArgIdx));
State = State->invalidateRegions(EscapingArgs, CE, C.blockCount(),
C.getLocationContext(),
/*CausesPointerEscape=*/false);
return State;
}
// at the callsite:
State = escapeArgsAfterIndex(State, C, Call, /*FirstEscapingArgIndex=*/2);
```
https://github.com/llvm/llvm-project/pull/73638
More information about the cfe-commits
mailing list