[clang] [clang][analyzer] Add checker 'unix.cstring.MissingTerminatingZero' (PR #146664)
Donát Nagy via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 19 07:24:55 PDT 2025
NagyDonat wrote:
> Probably for this checker another approach can work: Store only if a string is known to be null-terminated, or known to contain no zero at all (probably other state like "likely does not contain terminating zero" or "likely contains zero only at the end" can be used). Additionally string length should be maintained more accurately (in `CStringChecker`) and `strlen` should return the "string length" value. When handling this data in all string and memory manipulation functions, simple cases of passing a not null-terminated string to a function could be found.
I see the logic behind this approach, and you're right that this could be a quick solution for the simple cases, but I fear that the devil is in the details and it would be difficult to ensure that this string-length-based information remains consistent with the `RegionStore`. For this reason I would strongly prefer an approach that would rely on the `RegionStore` and e.g. investigate the `ClusterBindings` to understand the contents (and terminated/unterminated status) of a string.
https://github.com/llvm/llvm-project/pull/146664