[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Fri Mar 8 05:07:57 PST 2024 

================
@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext &C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+                                    const CallEvent &Call, CharKind CK) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  const LocationContext *LCtx = C.getLocationContext();
+  SValBuilder &Builder = C.getSValBuilder();
+  SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy);
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+      assumeZero(C, State, SizeVal, SizeTy);
+
+  if (StateZeroSize) {
+    StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx,
+                              Builder.makeZeroVal(C.getASTContext().IntTy));
+    C.addTransition(StateZeroSize);
+    return;
+  }
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+    return;
+
+  QualType cmpTy = C.getSValBuilder().getConditionType();
+  ProgramStateRef bufferTooLong, bufferNotTooLong;
+  std::tie(bufferTooLong, bufferNotTooLong) = State->assume(
+	 Builder
+	.evalBinOpNN(State, BO_GT, *SizeVal.getAs<NonLoc>(), *MaxLength.getAs<NonLoc>(), cmpTy)
+	.castAs<DefinedOrUnknownSVal>());
+  if (bufferTooLong) {
+    ErrorMessage Message;
+    llvm::raw_svector_ostream Os(Message);
+    Os << "size is greater than 256";
+    emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, Message);
----------------
steakhal wrote:

```suggestion
    emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, "size is greater than 256");
```

But actually, I don't think an "out of bounds" error is appropriate here; and the provided message could be rephrased to "the 'length' argument to 'getentropy' must be smaller than or equal to 256". This hints the user how to fix this. @haoNoQ WDYT of reporting this as an out-of-bounds access?

https://github.com/llvm/llvm-project/pull/83675

More information about the cfe-commits mailing list