[clang] [clang][analyzer] Model more getline/getdelim pre and postconditions (PR #83027)
Balázs Kéri via cfe-commits
cfe-commits at lists.llvm.org
Wed Mar 20 10:21:03 PDT 2024
================
@@ -1204,6 +1204,20 @@ void StreamChecker::evalGetdelim(const FnDescription *Desc,
State->BindExpr(E.CE, C.getLocationContext(), RetVal);
StateNotFailed =
E.assumeBinOpNN(StateNotFailed, BO_GE, RetVal, E.getZeroVal(Call));
+ // The buffer size `*n` must be enough to hold the whole line, and
+ // greater than the return value, since it has to account for '\0'.
+ auto SizePtrSval = Call.getArgSVal(1);
+ auto NVal = getPointeeVal(SizePtrSval, State);
+ if (NVal) {
+ StateNotFailed = StateNotFailed->assume(
+ E.SVB
+ .evalBinOp(StateNotFailed, BO_GT, *NVal, RetVal,
+ E.SVB.getConditionType())
+ .castAs<DefinedOrUnknownSVal>(),
+ true);
+ StateNotFailed =
+ StateNotFailed->BindExpr(E.CE, C.getLocationContext(), RetVal);
+ }
----------------
balazske wrote:
I do not see a test that checks for the relation between return value and the "size" value.
https://github.com/llvm/llvm-project/pull/83027
More information about the cfe-commits
mailing list