[cfe-dev] [clang-tidy] a simple strncmp checker

Philip Reames via cfe-dev cfe-dev at lists.llvm.org
Fri Sep 4 08:53:05 PDT 2015

On 09/03/2015 06:52 PM, Bob Kuo via cfe-dev wrote:
> Hello cfe-dev,
> I saw a presentation from someone using another static analysis tool 
> (http://www.slideshare.net/Andrey_Karpov/200-open-sourceprojectslater) 
> and in that presentation they mentioned finding a relatively simple 
> error with strncmp.  They searched for calls to strncmp where one or 
> both of the string parameters were shorter than the limit provided.  
> That is, we have something like:
>     bar = strncmp(foo, "asdf", 6);
> That this was flagged as an error by the static analyzer. I did a 
> simple regex search through one of the larger code bases at work and 
> found several errors of this type.
This code is not erroneous.  It's mildly suspicious, but given the 
second operand is a constant, only vaguely so.  A style warning would be 
> I've got a basic patch to clang-tidy to add this as a checker.
> A few questions:
> 1)  Is this type of checking sound?  If so, should I put it up for review?
> 2)  In the above example, would strncmp(foo, "asdf", 5) be an error?  
> That is, should we include the null byte at the end of the string?
> 3)  One possible valid use case of strncmp is to do prefix checking.  
> In that case the limit n would be less than one or both of the 
> strings.  However, in my completely unscientific sample at work I saw 
> what appear to be copy-paste errors where the string was changed but 
> not the size with the resulting strncmp only checking a prefix of the 
> given string.  Should we warn in these cases as well?
No.  Possibly when one of the arguments is a constant, but not otherwise.
> 4)  My clang-tidy checker is implemented with ASTMatchers for very 
> simplistic checking.  Would it be better to implement this for 
> context-sensitive checking?  If so, can someone point me to an 
> existing checker to study?
> Thanks,
> Bob Kuo
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20150904/74d80111/attachment.html>

More information about the cfe-dev mailing list