diff options
| author | Devin Coughlin <dcoughlin@apple.com> | 2018-01-20 23:11:17 +0000 |
|---|---|---|
| committer | Devin Coughlin <dcoughlin@apple.com> | 2018-01-20 23:11:17 +0000 |
| commit | 2ff57bcd18d3514c3f5baed6d34e02f885e81b28 (patch) | |
| tree | b08dae3abff9858965590723381fed75ebb16d03 | |
| parent | 5829d8f1f7ad3bf4796615caf941d97c116d815e (diff) | |
| download | bcm5719-llvm-2ff57bcd18d3514c3f5baed6d34e02f885e81b28.tar.gz bcm5719-llvm-2ff57bcd18d3514c3f5baed6d34e02f885e81b28.zip | |
[analyzer] Provide a check name when MallocChecker enables CStringChecker
Fix an assertion failure caused by a missing CheckName. The malloc checker
enables "basic" support in the CStringChecker, which causes some CString
bounds checks to be enabled. In this case, make sure that we have a
valid CheckName for the BugType.
llvm-svn: 323052
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp | 12 | ||||
| -rw-r--r-- | clang/test/Analysis/Inputs/system-header-simulator.h | 1 | ||||
| -rw-r--r-- | clang/test/Analysis/malloc.c | 9 |
3 files changed, 21 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 079032329ad..bd4033784ef 100644 --- a/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -309,9 +309,19 @@ ProgramStateRef CStringChecker::CheckLocation(CheckerContext &C, if (!N) return nullptr; + CheckName Name; + // These checks are either enabled by the CString out-of-bounds checker + // explicitly or the "basic" CStringNullArg checker support that Malloc + // checker enables. + assert(Filter.CheckCStringOutOfBounds || Filter.CheckCStringNullArg); + if (Filter.CheckCStringOutOfBounds) + Name = Filter.CheckNameCStringOutOfBounds; + else + Name = Filter.CheckNameCStringNullArg; + if (!BT_Bounds) { BT_Bounds.reset(new BuiltinBug( - Filter.CheckNameCStringOutOfBounds, "Out-of-bound array access", + Name, "Out-of-bound array access", "Byte string function accesses out-of-bound array element")); } BuiltinBug *BT = static_cast<BuiltinBug*>(BT_Bounds.get()); diff --git a/clang/test/Analysis/Inputs/system-header-simulator.h b/clang/test/Analysis/Inputs/system-header-simulator.h index 2e6f1e7d4a9..ff69a1502b9 100644 --- a/clang/test/Analysis/Inputs/system-header-simulator.h +++ b/clang/test/Analysis/Inputs/system-header-simulator.h @@ -32,6 +32,7 @@ typedef __typeof(sizeof(int)) size_t; size_t strlen(const char *); char *strcpy(char *restrict, const char *restrict); +char *strncpy(char *dst, const char *src, size_t n); void *memcpy(void *dst, const void *src, size_t n); typedef unsigned long __darwin_pthread_key_t; diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c index e08ec1b76cf..6e3f3faaa17 100644 --- a/clang/test/Analysis/malloc.c +++ b/clang/test/Analysis/malloc.c @@ -1777,6 +1777,15 @@ void freeFunctionPtr() { free((void *)fnptr); // expected-warning {{Argument to free() is a function pointer}} } +// Enabling the malloc checker enables some of the buffer-checking portions +// of the C-string checker. +void cstringchecker_bounds_nocrash() { + char *p = malloc(2); + strncpy(p, "AAA", sizeof("AAA")); // expected-warning {{Size argument is greater than the length of the destination buffer}} + + free(p); +} + // ---------------------------------------------------------------------------- // False negatives. |
