[clang] Respect the [[clang::unsafe_buffer_usage]] attribute for field and constructor initializers (PR #91991)

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Tue May 14 16:03:54 PDT 2024 

================
@@ -3328,3 +3300,63 @@ void clang::checkUnsafeBufferUsage(const Decl *D,
     }
   }
 }
+
+void clang::checkUnsafeBufferUsage(const Decl *D,
+                                   UnsafeBufferUsageHandler &Handler,
+                                   bool EmitSuggestions) {
+#ifndef NDEBUG
+  Handler.clearDebugNotes();
+#endif
+
+  assert(D);
+
+  SmallVector<Stmt *> Stmts;
+
+  // We do not want to visit a Lambda expression defined inside a method
+  // independently. Instead, it should be visited along with the outer method.
+  // FIXME: do we want to do the same thing for `BlockDecl`s?
+  if (const auto *fd = dyn_cast<CXXMethodDecl>(D)) {
+    if (fd->getParent()->isLambda() && fd->getParent()->isLocalClass())
+      return;
+  }
+
+  // Do not emit fixit suggestions for functions declared in an
+  // extern "C" block.
+  if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
+    for (FunctionDecl *FReDecl : FD->redecls()) {
+      if (FReDecl->isExternC()) {
+        EmitSuggestions = false;
+        break;
+      }
+    }
+
+    Stmts.push_back(FD->getBody());
+
+    if (const auto *ID = dyn_cast<CXXConstructorDecl>(D)) {
+      for (const CXXCtorInitializer *CI : ID->inits()) {
+        Stmts.push_back(CI->getInit());
+      }
+    }
+  }
+
+  if (const auto *FD = dyn_cast<FieldDecl>(D)) {
----------------
haoNoQ wrote:

I think the rest of the machine may be super unprepared for the scenario when there's no complete "function" under analysis. We obviously want to find unsafe operations in such code but I think it's a good idea to temporarily suppress suggestion/fixit generation in this scenario (like hard-assign `EmitSuggestions` to false here), until we carefully confirm that the suggestion/fixit machine actually works. It's unlikely to produce useful suggestions or fixits anyway, unless the initializer somehow contains an entire compound statement with local variables or nested functions or classes inside. But I think it's very likely to step on some assertions and crash because we haven't considered this scenario at all until recently.

Global variable initializers are probably in the same situation.

https://github.com/llvm/llvm-project/pull/91991

More information about the cfe-commits mailing list