[clang] [analyzer] CStringChecker: fix crash in `CheckOverlap` when arguments are not pointers (PR #160511)

via cfe-commits cfe-commits at lists.llvm.org
Mon Sep 29 03:12:07 PDT 2025


https://github.com/guillem-bartrina-sonarsource updated https://github.com/llvm/llvm-project/pull/160511

>From 6cba4d49309ee7b4c920384de010d948e92d35cc Mon Sep 17 00:00:00 2001
From: guillem-bartrina-sonarsource <guillem.bartrina at sonarsource.com>
Date: Wed, 24 Sep 2025 12:29:07 +0200
Subject: [PATCH 1/4] [analyzer] CStringChecker: bail out when arguments of
 copy function are not pointers

---
 .../StaticAnalyzer/Checkers/CStringChecker.cpp   |  4 ++++
 clang/test/Analysis/buffer-overlap.c             | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
index 36f316df0c3ff..0ae784c000f60 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -672,6 +672,10 @@ ProgramStateRef CStringChecker::CheckOverlap(CheckerContext &C,
 
   ProgramStateRef stateTrue, stateFalse;
 
+  if (!First.Expression->getType()->isAnyPointerType() ||
+      !Second.Expression->getType()->isAnyPointerType())
+    return state;
+
   // Assume different address spaces cannot overlap.
   if (First.Expression->getType()->getPointeeType().getAddressSpace() !=
       Second.Expression->getType()->getPointeeType().getAddressSpace())
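Review bot: The new guard at the top of the hunk protects only CheckOverlap, yet the trigger is a libc function redeclared with non-pointer parameters, so any other CStringChecker path that calls getPointeeType() on the same arguments would presumably still need its own guard; consider bailing out once where the call is matched to its libc model instead, or at least documenting why this is the spot. Either way the bail-out deserves a comment, since silently returning `state` reads like a no-op: `// A mismatching redeclaration of a libc function can pass non-pointer arguments; there is nothing to overlap, so bail out before querying the pointee type.` As a point of style, the early return is placed between `ProgramStateRef stateTrue, stateFalse;` and their first use; moving it above that declaration keeps the guard clauses together. CheckOverlap begins and ends outside the hunk.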
diff --git a/clang/test/Analysis/buffer-overlap.c b/clang/test/Analysis/buffer-overlap.c
index 8414a764541e2..f3bd49b8b9ca0 100644
--- a/clang/test/Analysis/buffer-overlap.c
+++ b/clang/test/Analysis/buffer-overlap.c
@@ -96,3 +96,19 @@ void test_snprintf6() {
   char b[4] = {0};
   snprintf(a, sizeof(a), "%s", b); // no-warning
 }
+
+
+void memcpy(int dst, int src, size_t size); // expected-warning{{incompatible redeclaration of library function 'memcpy'}} expected-note{{'memcpy' is a builtin with type 'void *(void *, const void *, __size_t)' (aka 'void *(void *, const void *, unsigned long)')}}
+void test_memcpy_proxy() {
+  memcpy(42, 42, 42);
+}
+
+void strcpy(int dst, char *src); // expected-warning{{incompatible redeclaration of library function 'strcpy'}} expected-note{{'strcpy' is a builtin with type 'char *(char *, const char *)'}}
+void test_strcpy_proxy() {
+  strcpy(42, (char *)42);
+}
+
+void strxfrm(int dst, char *src, size_t size); // expected-warning{{incompatible redeclaration of library function 'strxfrm'}} expected-note{{'strxfrm' is a builtin with type '__size_t (char *, const char *, __size_t)' (aka 'unsigned long (char *, const char *, unsigned long)')}}
+void test_strxfrm_proxy() {
+  strxfrm(42, (char *)42, 42);
+}

>From 7b314273b2414d6f255add38779f3957274a11a6 Mon Sep 17 00:00:00 2001
From: guillem-bartrina-sonarsource <guillem.bartrina at sonarsource.com>
Date: Thu, 25 Sep 2025 21:28:02 +0200
Subject: [PATCH 2/4] Apply test improvements

---
 clang/test/Analysis/buffer-overlap-alt.c | 23 +++++++++++++++++++++++
 clang/test/Analysis/buffer-overlap.c     | 16 ----------------
 2 files changed, 23 insertions(+), 16 deletions(-)
 create mode 100644 clang/test/Analysis/buffer-overlap-alt.c

diff --git a/clang/test/Analysis/buffer-overlap-alt.c b/clang/test/Analysis/buffer-overlap-alt.c
new file mode 100644
index 0000000000000..4830f4e9691d8
--- /dev/null
+++ b/clang/test/Analysis/buffer-overlap-alt.c
@@ -0,0 +1,23 @@
+// RUN: %clang_analyze_cc1 -verify %s -Wno-incompatible-library-redeclaration \
+// RUN:   -analyzer-checker=alpha.unix.cstring.BufferOverlap
+// expected-no-diagnostics
+
+typedef typeof(sizeof(int)) size_t;
+
+void memcpy(int dst, int src, size_t size);
+
+void test_memcpy_proxy() {
+  memcpy(42, 42, 42); // no-crash
+}
+
+void strcpy(int dst, char *src);
+
+void test_strcpy_proxy() {
+  strcpy(42, (char *)42); // no-crash
+}
+
+void strxfrm(int dst, char *src, size_t size);
+
+void test_strxfrm_proxy() {
+  strxfrm(42, (char *)42, 42); // no-crash
+}
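Review bot: The new test file states nothing about what it is guarding against; a reader who sees `memcpy(int dst, int src, size_t size)` has no way to know this is a regression test for a crash rather than an oversight, so a header comment would help, e.g. `// Regression test: libc functions redeclared with non-pointer parameters must not crash the CString checkers; the incompatible-redeclaration warning is disabled so -verify only sees analyzer diagnostics.` The RUN line enables only `alpha.unix.cstring.BufferOverlap`; most analyzer tests also enable `core`, and running without it may not reproduce the path exploration under which the crash was reported, so consider `-analyzer-checker=core,alpha.unix.cstring.BufferOverlap` unless the narrower set is deliberate. All three cases pass integer literals for the non-pointer parameters; a case where the mismatched argument is a non-literal integer expression would cost one line and cover the same path with a symbolic value.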
diff --git a/clang/test/Analysis/buffer-overlap.c b/clang/test/Analysis/buffer-overlap.c
index f3bd49b8b9ca0..8414a764541e2 100644
--- a/clang/test/Analysis/buffer-overlap.c
+++ b/clang/test/Analysis/buffer-overlap.c
@@ -96,19 +96,3 @@ void test_snprintf6() {
   char b[4] = {0};
   snprintf(a, sizeof(a), "%s", b); // no-warning
 }
-
-
-void memcpy(int dst, int src, size_t size); // expected-warning{{incompatible redeclaration of library function 'memcpy'}} expected-note{{'memcpy' is a builtin with type 'void *(void *, const void *, __size_t)' (aka 'void *(void *, const void *, unsigned long)')}}
-void test_memcpy_proxy() {
-  memcpy(42, 42, 42);
-}
-
-void strcpy(int dst, char *src); // expected-warning{{incompatible redeclaration of library function 'strcpy'}} expected-note{{'strcpy' is a builtin with type 'char *(char *, const char *)'}}
-void test_strcpy_proxy() {
-  strcpy(42, (char *)42);
-}
-
-void strxfrm(int dst, char *src, size_t size); // expected-warning{{incompatible redeclaration of library function 'strxfrm'}} expected-note{{'strxfrm' is a builtin with type '__size_t (char *, const char *, __size_t)' (aka 'unsigned long (char *, const char *, unsigned long)')}}
-void test_strxfrm_proxy() {
-  strxfrm(42, (char *)42, 42);
-}

>From aabc2f7a311fee459ce73052855771195420aa6b Mon Sep 17 00:00:00 2001
From: guillem-bartrina-sonarsource <guillem.bartrina at sonarsource.com>
Date: Thu, 25 Sep 2025 21:39:08 +0200
Subject: [PATCH 3/4] Add esoteric test

---
 clang/test/Analysis/buffer-overlap.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/clang/test/Analysis/buffer-overlap.c b/clang/test/Analysis/buffer-overlap.c
index 8414a764541e2..defb17a62ae0b 100644
--- a/clang/test/Analysis/buffer-overlap.c
+++ b/clang/test/Analysis/buffer-overlap.c
@@ -96,3 +96,10 @@ void test_snprintf6() {
   char b[4] = {0};
   snprintf(a, sizeof(a), "%s", b); // no-warning
 }
+
+void* memcpy(void* dest, const void* src, size_t count);
+
+void test_memcpy_esoteric() {
+label:
+  memcpy((char *)&&label, (const char *)memcpy, 1);
+}
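Review bot: The call `memcpy((char *)&&label, (const char *)memcpy, 1);` carries no `// no-crash` or `// no-warning` annotation, unlike the neighbouring tests in this file (`snprintf(a, sizeof(a), "%s", b); // no-warning` at the top of the hunk), and nothing explains why a label address and a function pointer are being copied; the intent is presumably to exercise CheckOverlap with pointers that do not point at data regions, which should be stated, e.g. `// Label and function addresses are pointers but not buffers: CheckOverlap must tolerate non-data regions. no-crash`. If buffer-overlap.c already declares memcpy above this hunk (the top of the file is outside SOURCE), the added `void* memcpy(...)` declaration is redundant and could be dropped; if it does not, the declaration belongs with the file's other prototypes rather than next to one test.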

>From 7add5db230d9051c2bf302a98aabfbe349087b4f Mon Sep 17 00:00:00 2001
From: guillem-bartrina-sonarsource <guillem.bartrina at sonarsource.com>
Date: Mon, 29 Sep 2025 12:11:36 +0200
Subject: [PATCH 4/4] Rename test file

---
 .../Analysis/{buffer-overlap-alt.c => buffer-overlap-decls.c}     | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename clang/test/Analysis/{buffer-overlap-alt.c => buffer-overlap-decls.c} (100%)

diff --git a/clang/test/Analysis/buffer-overlap-alt.c b/clang/test/Analysis/buffer-overlap-decls.c
similarity index 100%
rename from clang/test/Analysis/buffer-overlap-alt.c
rename to clang/test/Analysis/buffer-overlap-decls.c


