[clang] [analyzer][NFC] Add ArrayBoundV2 testcase to document bad cast modeling (PR #108799)

via cfe-commits cfe-commits at lists.llvm.org
Mon Sep 16 00:28:12 PDT 2024 

llvmbot wrote:


<!--LLVM PR SUMMARY COMMENT-->

@llvm/pr-subscribers-clang

Author: DonĂ¡t Nagy (NagyDonat)

<details>
<summary>Changes</summary>

Add a FIXME testcase which documents less than ideal behavior of the analyzer when a `const char *` is converted to `const unsigned char *`. This testcase is motivated by an ArrayBoundV2 report produced on the source file `id3v2enc.c` within the ffmpeg project.

---
Full diff: https://github.com/llvm/llvm-project/pull/108799.diff


1 Files Affected:

- (modified) clang/test/Analysis/out-of-bounds.c (+17-1) 


``````````diff
diff --git a/clang/test/Analysis/out-of-bounds.c b/clang/test/Analysis/out-of-bounds.c
index 1f771c2b3bd138..9b9cc368af94dc 100644
--- a/clang/test/Analysis/out-of-bounds.c
+++ b/clang/test/Analysis/out-of-bounds.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s
+// RUN: %clang_analyze_cc1 -Wno-array-bounds -Wno-pointer-sign -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s
 
 void clang_analyzer_eval(int);
 
@@ -194,3 +194,19 @@ char test_comparison_with_extent_symbol(struct incomplete *p) {
   return ((char *)p)[-1]; // no-warning
 }
 
+
+typedef unsigned char uint8_t;
+static int string_is_ascii(const uint8_t *str) {
+  while (*str && *str < 128) str++;
+  // expected-warning at -1 {{Out of bound access to memory}}
+  return !*str;
+}
+void test_charptr_ucharptr_conversion(void) {
+  const char *s = "";
+  // NOTE: This code passes a `const char *` to a `const unsigned char *`
+  // parameter, which is a bit dodgy (it would be reported by -Wpointer-sign),
+  // but works on platforms where `char` is unsigned.
+  // FIXME: The analyzer is confused by this conversion and cannot deduce that
+  // `*str` is immediately equal to zero within `string_is_ascii()`.
+  string_is_ascii(s);
+}

``````````

</details>


https://github.com/llvm/llvm-project/pull/108799

More information about the cfe-commits mailing list