author | Artem Dergachev <artem.dergachev@gmail.com> | 2019-02-08 23:59:52 +0000 |
---|---|---|
committer | Artem Dergachev <artem.dergachev@gmail.com> | 2019-02-08 23:59:52 +0000 |
commit | 91970564191bfc40ea9f2c8d32cc1fb6c314515c (patch) | |
tree | 49b374f1b2d215d012129413643f6e6b695551c5 | |
parent | afd612ece97ce98c34c9c2e6bf844423b11f2fa5 (diff) | |
[analyzer] CStringSyntaxChecks: Fix an off-by-one error in the strlcat() check.
Both strlcat and strlcpy cut off their safe bound for the argument value
at sizeof(destination). There's no need to subtract 1 in only one
of these cases.
Differential Revision: https://reviews.llvm.org/D57981
rdar://problem/47873212
llvm-svn: 353583
-rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp | 11 | ||||
-rw-r--r-- | clang/test/Analysis/cstring-syntax.c | 2 |
2 files changed, 4 insertions, 9 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
index b2ea3ceb5f6..b828ac05923 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
@@ -153,8 +153,6 @@ bool WalkAST::containsBadStrncatPattern(const CallExpr *CE) {
 bool WalkAST::containsBadStrlcpyStrlcatPattern(const CallExpr *CE) {
 if (CE->getNumArgs() != 3)
 return false;
- const FunctionDecl *FD = CE->getDirectCallee();
- bool Append = CheckerContext::isCLibraryFunction(FD, "strlcat");
 const Expr *DstArg = CE->getArg(0);
 const Expr *LenArg = CE->getArg(2);
@@ -194,13 +192,8 @@ bool WalkAST::containsBadStrlcpyStrlcatPattern(const CallExpr *CE) {
 ASTContext &C = BR.getContext();
 uint64_t BufferLen = C.getTypeSize(Buffer) / 8;
 auto RemainingBufferLen = BufferLen - DstOff;
- if (Append) {
- if (RemainingBufferLen <= ILRawVal)
- return true;
- } else {
- if (RemainingBufferLen < ILRawVal)
- return true;
- }
+ if (RemainingBufferLen < ILRawVal)
+ return true;
 }
 }
 }
diff --git a/clang/test/Analysis/cstring-syntax.c b/clang/test/Analysis/cstring-syntax.c
index d2e12e8303b..f01de36c1af 100644
--- a/clang/test/Analysis/cstring-syntax.c
+++ b/clang/test/Analysis/cstring-syntax.c
@@ -33,6 +33,7 @@ void testStrlcpy(const char *src) {
 strlcpy(dest, src, ulen);
 strlcpy(dest + 5, src, 5);
 strlcpy(dest + 5, src, 10); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}
+ strlcpy(dest, "aaaaaaaaaaaaaaa", 10); // no-warning
 }
 void testStrlcat(const char *src) {
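Review bot: The subtraction `BufferLen - DstOff` directly above the merged comparison is unsigned (`BufferLen` is `uint64_t`), so a destination offset larger than the buffer would wrap to a huge remaining length and `RemainingBufferLen < ILRawVal` would stay silent on the calls that are furthest out of bounds. DstOff is declared outside this hunk, so its type and range should be confirmed, but a guard such as `if (DstOff > BufferLen || RemainingBufferLen < ILRawVal)` would close that gap. A one-line comment on the merged branch, for example `// strlcpy and strlcat both take the full destination size as their bound`, would also record why the strlcat special case was dropped. The enclosing function starts and ends outside the hunk.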
@@ -51,4 +52,5 @@ void testStrlcat(const char *src) {
 strlcat(dest, src, ulen);
 strlcpy(dest, src, 5);
 strlcat(dest + 5, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}
+ strlcat(dest, "aaaaaaaaaaaaaaa", 10); // no-warning
 } |
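Review bot: The added strlcat case exercises only the zero-offset call, while the comparison this commit changes sits in the path that subtracts the destination offset from the buffer size. A case such as `strlcat(dest + 5, src, 5); // no-warning` would pin the boundary on that path, since the old `<=` comparison would presumably have flagged it. The declaration of `dest` is outside this hunk, so the literal should be set to the exact remaining size. Earlier lines of testStrlcat are not visible here and may already cover this.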