[cfe-dev] [clang-tidy] a simple strncmp checker
Philip Reames via cfe-dev
cfe-dev at lists.llvm.org
Fri Sep 4 08:53:05 PDT 2015
On 09/03/2015 06:52 PM, Bob Kuo via cfe-dev wrote:
> Hello cfe-dev,
> I saw a presentation from someone using another static analysis tool
> and in that presentation they mentioned finding a relatively simple
> error with strncmp. They searched for calls to strncmp where one or
> both of the string parameters were shorter than the limit provided.
> That is, we have something like:
> bar = strncmp(foo, "asdf", 6);
> That this was flagged as an error by the static analyzer. I did a
> simple regex search through one of the larger code bases at work and
> found several errors of this type.
This code is not erroneous. It's mildly suspicious, but given the
second operand is a constant, only vaguely so. A style warning would be
> I've got a basic patch to clang-tidy to add this as a checker.
> A few questions:
> 1) Is this type of checking sound? If so, should I put it up for review?
> 2) In the above example, would strncmp(foo, "asdf", 5) be an error?
> That is, should we include the null byte at the end of the string?
> 3) One possible valid use case of strncmp is to do prefix checking.
> In that case the limit n would be less than one or both of the
> strings. However, in my completely unscientific sample at work I saw
> what appear to be copy-paste errors where the string was changed but
> not the size with the resulting strncmp only checking a prefix of the
> given string. Should we warn in these cases as well?
No. Possibly when one of the arguments is a constant, but not otherwise.
> 4) My clang-tidy checker is implemented with ASTMatchers for very
> simplistic checking. Would it be better to implement this for
> context-sensitive checking? If so, can someone point me to an
> existing checker to study?
> Bob Kuo
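The three length values discussed above (4, 5 and 6 against the literal "asdf") and the copy-paste case raised in question 3, worked through in C. This is an added example, not code from the thread or from the proposed clang-tidy checker; the inputs and the "quit"/"shutdown" command names are constructed for illustration.

```c
#include <string.h>
#include <stdio.h>

/* Added example (not from the thread): how the length argument to strncmp
 * changes what is actually compared. All inputs here are constructed. */

/* n == strlen(literal): only a prefix of `s` is compared, so "asdfgh" matches.
 * This is the legitimate prefix-check use the thread mentions. */
static int matches_prefix_only(const char *s) {
    return strncmp(s, "asdf", 4) == 0;
}

/* n == strlen(literal) + 1: the literal's terminating NUL takes part in the
 * comparison, so this behaves as an exact match; "asdfgh" no longer matches. */
static int matches_exact_with_nul(const char *s) {
    return strncmp(s, "asdf", 5) == 0;
}

/* n > strlen(literal) + 1: strncmp stops at the first NUL or first difference,
 * so the oversized limit is harmless and behaves exactly like n == 5.
 * This is why strncmp(foo, "asdf", 6) is suspicious but not erroneous. */
static int matches_oversized_n(const char *s) {
    return strncmp(s, "asdf", 6) == 0;
}

/* The copy-paste hazard from question 3: the literal was changed from "quit"
 * to "shutdown" but the length stayed 4, so only "shut" is ever checked and
 * "shutup" is accepted as a shutdown command. */
static int is_shutdown_command_buggy(const char *cmd) {
    return strncmp(cmd, "shutdown", 4) == 0;
}

/* One way to keep literal and length in step: derive n from the literal.
 * sizeof includes the NUL, so this is an exact comparison. (Hypothetical
 * helper macro, not something the thread proposes.) */
#define STRNCMP_LIT(s, lit) strncmp((s), (lit), sizeof(lit))

static int is_shutdown_command_fixed(const char *cmd) {
    return STRNCMP_LIT(cmd, "shutdown") == 0;
}

int main(void) {
    const char *inputs[] = { "asdf", "asdfgh", "asd", "" };
    size_t i;
    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        printf("\"%s\": n=4 -> %d, n=5 -> %d, n=6 -> %d\n", inputs[i],
               matches_prefix_only(inputs[i]),
               matches_exact_with_nul(inputs[i]),
               matches_oversized_n(inputs[i]));
    }
    printf("\"shutup\" accepted by buggy check: %d, by fixed check: %d\n",
           is_shutdown_command_buggy("shutup"),
           is_shutdown_command_fixed("shutup"));
    return 0;
}
```

The n=5 and n=6 columns are identical for every input, which is the point of the reply above: a limit larger than the literal plus its NUL cannot read past the literal, because comparison stops at the NUL. The only case that silently changes meaning is a limit shorter than the literal, which is exactly the copy-paste pattern a checker would want to flag when the second argument is a constant.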