[clang] [analyzer] Make recognition of hardened __FOO_chk functions explicit (PR #86536)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Mar 27 05:10:57 PDT 2024
NagyDonat wrote:
[Replying to the following inline comment of @steakhal :]
> You had a comment about __builtin___vsprintf_chk.
```
// This is using `equals()` instead of more lenient prefix/suffix/substring
// checks because we don't want to say that e.g. `__builtin___vsprintf_chk()`
// is a hardened variant of `sprintf()`.
```
> I wonder if we could have a test demonstrating that.
Instead of demonstrating this with `sprintf` / `vsprintf`, I ended up creating testcases that use `memcpy` / `wmemcpy`, because in the non-hardened case the analogous problem was tested with `memcpy` / `wmemcpy`. I wrote this comment before creating those testcases; now that the testcases are there, I removed the comment (by merging your suggestion that tweaks the adjacent code).
https://github.com/llvm/llvm-project/pull/86536