[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 7 04:41:39 PST 2024
Alejandro =?utf-8?q?Álvarez_Ayllón?Message-ID:
In-Reply-To: <llvm.org/llvm/llvm-project/pull/83027 at github.com>
================
@@ -1196,6 +1342,11 @@ void StreamChecker::evalGetdelim(const FnDescription *Desc,
E.isStreamEof() ? ErrorFEof : ErrorFEof | ErrorFError;
StateFailed = E.setStreamState(
StateFailed, StreamState::getOpened(Desc, NewES, !NewES.isFEof()));
+ // On failure, the content of the buffer is undefined.
+ if (auto NewLinePtr = getPointeeDefVal(Call.getArgSVal(0), State)) {
+ StateFailed = StateFailed->bindLoc(*NewLinePtr, UndefinedVal(),
+ C.getLocationContext());
+ }
----------------
steakhal wrote:
Did you test that reading from the line buffer after a `getdelim` fails, would trigger a "garbage read" sink?
https://github.com/llvm/llvm-project/pull/83027
More information about the cfe-commits
mailing list