[cfe-dev] compare two array size
Jordan Rose
jordan_rose at apple.com
Tue Jul 3 07:48:26 PDT 2012
Hi, Lionel. You're asking for the /element/ type of the two arrays, but really you want the arrays themselves (i.e. you don't need "getPointeeType()").
BTW, there are a number of similar checks already implemented in CStringChecker.cpp; most of them are just turned off because a number of the checks are expensive and the path diagnostics are sub-par. (In your case, for instance, you could be copying from a very large /buffer/ but already checked that its strlen() is small enough. It's these sorts of weird conditions that make CStringChecker less effective.)
Hope that helps; please feel free to ask more questions about the analyzer infrastructure.
Jordan
On Jul 3, 2012, at 5:49 AM, Lionel PRAT wrote:
> Hello,
> I am trying to write a checker that sees if, in a strcpy, the source array size is larger
> than the destination array size (overflow).
> Here is the piece of code that does the test and that does not work ...
>
> ........
> //CE->getArg(1) == src in strcpy
> //CE->getArg(0) == dst in strcpy
> if(isSizeOverflow(CE->getArg(1),CE->getArg(0), C)){
> //Overflow is possible
> }
> .......
> bool StrcpyCheckOverflow::isSizeOverflow(const Expr *Esrc, const Expr
> *Edst, CheckerContext &C) {
> QualType ElTydst = Edst->getType()->getPointeeType();
> QualType ElTysrc = Esrc->getType()->getPointeeType();
> CharUnits BufSrcSize = C.getASTContext().getTypeSizeInChars(ElTysrc);
> CharUnits BufDstSize = C.getASTContext().getTypeSizeInChars(ElTydst);
> if(BufSrcSize>BufDstSize) return true;
> return false;
> }
>
>
> On test code:
>
> #include <stdio.h>
> #include <string.h>
> int main(){
> char addr[16];
> char buffer[8];
> scanf("%s", addr);
> strcpy(buffer, addr);
> return 0;
> }
>
> Would you know what the problem is?
> thank you
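The caveat Jordan raises (a large source buffer whose string content is already known to be short) is the difference between comparing declared array sizes and comparing what strcpy actually does at runtime. The following added example, not code from the thread or from Clang, puts both conditions side by side in plain C using the same array shapes as the quoted test program: `declared_sizes_overflow` mirrors the declared-size comparison in the quoted checker, while `strcpy_would_overflow` and `checked_strcpy` apply the runtime condition (string length plus the terminating NUL against destination capacity). The inputs are constructed in place of scanf.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the declared-size comparison in the quoted checker: the source
 * buffer is declared larger than the destination buffer. This fires for
 * char addr[16] -> char buffer[8] even when the string in addr is short. */
int declared_sizes_overflow(size_t src_size, size_t dst_size) {
    return src_size > dst_size;
}

/* The condition strcpy actually violates: the bytes written are
 * strlen(src) + 1 (for the NUL), regardless of how large src's buffer is. */
int strcpy_would_overflow(const char *src, size_t dst_cap) {
    return strlen(src) + 1 > dst_cap;
}

/* Bounded alternative: copy only if the string fits, otherwise refuse.
 * Returns 1 on success, 0 if the copy was refused (dst left untouched). */
int checked_strcpy(char *dst, size_t dst_cap, const char *src) {
    if (dst_cap == 0 || strcpy_would_overflow(src, dst_cap))
        return 0;
    memcpy(dst, src, strlen(src) + 1);
    return 1;
}

int main(void) {
    char addr[16];   /* same shapes as the quoted test program */
    char buffer[8];
    /* Constructed inputs standing in for scanf("%s", addr). */
    const char *short_input = "abc";        /* 3 chars + NUL fits in buffer[8] */
    const char *long_input  = "0123456789"; /* 10 chars + NUL does not fit   */

    printf("declared sizes 16 > 8 : %d\n",
           declared_sizes_overflow(sizeof addr, sizeof buffer));

    strcpy(addr, short_input);
    printf("\"%s\" overflows buffer[8]: %d, checked copy ok: %d\n",
           addr, strcpy_would_overflow(addr, sizeof buffer),
           checked_strcpy(buffer, sizeof buffer, addr));

    strcpy(addr, long_input);
    printf("\"%s\" overflows buffer[8]: %d, checked copy ok: %d\n",
           addr, strcpy_would_overflow(addr, sizeof buffer),
           checked_strcpy(buffer, sizeof buffer, addr));
    return 0;
}
```

The declared-size test reports an overflow for both inputs, while the runtime test only reports one for the ten-character string; a checker that wants to avoid the false positive Jordan describes has to reason about the string length the path has already established, not just the array types.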