NoQ created this revision.
NoQ added reviewers: dcoughlin, xazax.hun, a_sidorin, rnkovacs, Szelethus,
baloghadamsoftware, Charusso.
Herald added subscribers: cfe-commits, dkrupp, donat.nagy, mikhail.ramalho,
a.sidorin, szepet.
Herald added a project: clang.
Fixes the problem mentioned in D66333#1726488
<https://reviews.llvm.org/D66333#1726488>. Additionally refers to `strcat` as
"memory concatenation function" as opposed to "memory copy functions".
TODO: Add a flag to `VerifyDiagnosticConsumer` to match full messages by
default.
Repository:
rC Clang
https://reviews.llvm.org/D71321
Files:
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
clang/test/Analysis/bsd-string.c
clang/test/Analysis/bstring.c
clang/test/Analysis/cstring-ranges.c
clang/test/Analysis/null-deref-path-notes.c
clang/test/Analysis/null-deref-ps-region.c
clang/test/Analysis/string.c
Index: clang/test/Analysis/string.c
===================================================================
--- clang/test/Analysis/string.c
+++ clang/test/Analysis/string.c
@@ -97,7 +97,7 @@
}
size_t strlen_null() {
- return strlen(0); // expected-warning{{Null pointer argument in call to string length function}}
+ return strlen(0); // expected-warning{{Null pointer passed as 1st argument to string length function}}
}
size_t strlen_fn() {
@@ -251,7 +251,7 @@
}
size_t strnlen_null() {
- return strnlen(0, 3); // expected-warning{{Null pointer argument in call to string length function}}
+ return strnlen(0, 3); // expected-warning{{Null pointer passed as 1st argument to string length function}}
}
size_t strnlen_fn() {
@@ -322,11 +322,11 @@
void strcpy_null_dst(char *x) {
- strcpy(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}}
+ strcpy(NULL, x); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
}
void strcpy_null_src(char *x) {
- strcpy(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}}
+ strcpy(x, NULL); // expected-warning{{Null pointer passed as 2nd argument to string copy function}}
}
void strcpy_fn(char *x) {
@@ -424,15 +424,15 @@
void strcat_null_dst(char *x) {
- strcat(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}}
+ strcat(NULL, x); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
}
void strcat_null_src(char *x) {
- strcat(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}}
+ strcat(x, NULL); // expected-warning{{Null pointer passed as 2nd argument to string concatenation function}}
}
void strcat_fn(char *x) {
- strcat(x, (char*)&strcat_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcat_fn', which is not a null-terminated string}}
+ strcat(x, (char*)&strcat_fn); // expected-warning{{Argument to string concatenation function is the address of the function 'strcat_fn', which is not a null-terminated string}}
}
void strcat_effects(char *y) {
@@ -523,11 +523,11 @@
void strncpy_null_dst(char *x) {
- strncpy(NULL, x, 5); // expected-warning{{Null pointer argument in call to string copy function}}
+ strncpy(NULL, x, 5); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
}
void strncpy_null_src(char *x) {
- strncpy(x, NULL, 5); // expected-warning{{Null pointer argument in call to string copy function}}
+ strncpy(x, NULL, 5); // expected-warning{{Null pointer passed as 2nd argument to string copy function}}
}
void strncpy_fn(char *x) {
@@ -631,15 +631,15 @@
void strncat_null_dst(char *x) {
- strncat(NULL, x, 4); // expected-warning{{Null pointer argument in call to string copy function}}
+ strncat(NULL, x, 4); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
}
void strncat_null_src(char *x) {
- strncat(x, NULL, 4); // expected-warning{{Null pointer argument in call to string copy function}}
+ strncat(x, NULL, 4); // expected-warning{{Null pointer passed as 2nd argument to string concatenation function}}
}
void strncat_fn(char *x) {
- strncat(x, (char*)&strncat_fn, 4); // expected-warning{{Argument to string copy function is the address of the function 'strncat_fn', which is not a null-terminated string}}
+ strncat(x, (char*)&strncat_fn, 4); // expected-warning{{Argument to string concatenation function is the address of the function 'strncat_fn', which is not a null-terminated string}}
}
void strncat_effects(char *y) {
@@ -812,13 +812,13 @@
void strcmp_null_0() {
char *x = NULL;
char *y = "123";
- strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strcmp(x, y); // expected-warning{{Null pointer passed as 1st argument to string comparison function}}
}
void strcmp_null_1() {
char *x = "123";
char *y = NULL;
- strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strcmp(x, y); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}}
}
void strcmp_diff_length_0() {
@@ -921,13 +921,13 @@
void strncmp_null_0() {
char *x = NULL;
char *y = "123";
- strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strncmp(x, y, 3); // expected-warning{{Null pointer passed as 1st argument to string comparison function}}
}
void strncmp_null_1() {
char *x = "123";
char *y = NULL;
- strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strncmp(x, y, 3); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}}
}
void strncmp_diff_length_0() {
@@ -1030,13 +1030,13 @@
void strcasecmp_null_0() {
char *x = NULL;
char *y = "123";
- strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strcasecmp(x, y); // expected-warning{{Null pointer passed as 1st argument to string comparison function}}
}
void strcasecmp_null_1() {
char *x = "123";
char *y = NULL;
- strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strcasecmp(x, y); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}}
}
void strcasecmp_diff_length_0() {
@@ -1121,13 +1121,13 @@
void strncasecmp_null_0() {
char *x = NULL;
char *y = "123";
- strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strncasecmp(x, y, 3); // expected-warning{{Null pointer passed as 1st argument to string comparison function}}
}
void strncasecmp_null_1() {
char *x = "123";
char *y = NULL;
- strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
+ strncasecmp(x, y, 3); // expected-warning{{Null pointer passed as 2nd argument to string comparison function}}
}
void strncasecmp_diff_length_0() {
@@ -1183,11 +1183,11 @@
char *strsep(char **stringp, const char *delim);
void strsep_null_delim(char *s) {
- strsep(&s, NULL); // expected-warning{{Null pointer argument in call to strsep()}}
+ strsep(&s, NULL); // expected-warning{{Null pointer passed as 2nd argument to strsep()}}
}
void strsep_null_search() {
- strsep(NULL, ""); // expected-warning{{Null pointer argument in call to strsep()}}
+ strsep(NULL, ""); // expected-warning{{Null pointer passed as 1st argument to strsep()}}
}
void strsep_return_original_pointer(char *s) {
@@ -1433,7 +1433,7 @@
void bzero1_null() {
char *a = NULL;
- bzero(a, 10); // expected-warning{{Null pointer argument in call to memory clearance function}}
+ bzero(a, 10); // expected-warning{{Null pointer passed as 1st argument to memory clearance function}}
}
void bzero2_char_array_null() {
@@ -1453,7 +1453,7 @@
void explicit_bzero1_null() {
char *a = NULL;
- explicit_bzero(a, 10); // expected-warning{{Null pointer argument in call to memory clearance function}}
+ explicit_bzero(a, 10); // expected-warning{{Null pointer passed as 1st argument to memory clearance function}}
}
void explicit_bzero2_clear_mypassword() {
Index: clang/test/Analysis/null-deref-ps-region.c
===================================================================
--- clang/test/Analysis/null-deref-ps-region.c
+++ clang/test/Analysis/null-deref-ps-region.c
@@ -39,7 +39,7 @@
void testConcreteNull() {
int *x = 0;
- memset(x, 0, 1); // expected-warning {{Null pointer argument in call to memory set function}}
+ memset(x, 0, 1); // expected-warning {{Null pointer passed as 1st argument to memory set function}}
}
void testStackArray() {
Index: clang/test/Analysis/null-deref-path-notes.c
===================================================================
--- clang/test/Analysis/null-deref-path-notes.c
+++ clang/test/Analysis/null-deref-path-notes.c
@@ -13,40 +13,40 @@
void f1(char *source) {
char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
- memcpy(destination + 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
- // expected-note@-1{{Null pointer argument in call to memory copy function}}
+ memcpy(destination + 0, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+ // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
}
void f2(char *source) {
char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
- memcpy(destination - 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
- // expected-note@-1{{Null pointer argument in call to memory copy function}}
+ memcpy(destination - 0, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+ // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
}
void f3(char *source) {
char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
destination = destination + 0; // expected-note{{Null pointer value stored to 'destination'}}
- memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
- // expected-note@-1{{Null pointer argument in call to memory copy function}}
+ memcpy(destination, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+ // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
}
void f4(char *source) {
char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
destination = destination - 0; // expected-note{{Null pointer value stored to 'destination'}}
- memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
- // expected-note@-1{{Null pointer argument in call to memory copy function}}
+ memcpy(destination, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+ // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
}
void f5(char *source) {
char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
char *destination2 = destination1 + 0; // expected-note{{'destination2' initialized to a null pointer value}}
- memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
- // expected-note@-1{{Null pointer argument in call to memory copy function}}
+ memcpy(destination2, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+ // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
}
void f6(char *source) {
char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
char *destination2 = destination1 - 0; // expected-note{{'destination2' initialized to a null pointer value}}
- memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
- // expected-note@-1{{Null pointer argument in call to memory copy function}}
+ memcpy(destination2, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+ // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
}
Index: clang/test/Analysis/cstring-ranges.c
===================================================================
--- clang/test/Analysis/cstring-ranges.c
+++ clang/test/Analysis/cstring-ranges.c
@@ -2,6 +2,8 @@
// This test verifies argument source range highlighting.
// Otherwise we've no idea which of the arguments is null.
+// These days we actually also have it in the message,
+// but the range is still great to have.
char *strcpy(char *, const char *);
@@ -10,6 +12,6 @@
strcpy(a, b);
}
-// CHECK: warning: Null pointer argument in call to string copy function
+// CHECK: warning: Null pointer passed as 1st argument to string copy function
// CHECK-NEXT: strcpy(a, b);
// CHECK-NEXT: ^ ~
Index: clang/test/Analysis/bstring.c
===================================================================
--- clang/test/Analysis/bstring.c
+++ clang/test/Analysis/bstring.c
@@ -148,12 +148,12 @@
void memcpy10() {
char a[4] = {0};
- memcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+ memcpy(0, a, 4); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
}
void memcpy11() {
char a[4] = {0};
- memcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+ memcpy(a, 0, 4); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
}
void memcpy12() {
@@ -173,7 +173,7 @@
void memcpy_unknown_size_warn (size_t n) {
char a[4];
- void *result = memcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}}
+ void *result = memcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
clang_analyzer_eval(result == a); // no-warning (above is fatal)
}
@@ -268,12 +268,12 @@
void mempcpy10() {
char a[4] = {0};
- mempcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+ mempcpy(0, a, 4); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
}
void mempcpy11() {
char a[4] = {0};
- mempcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+ mempcpy(a, 0, 4); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
}
void mempcpy12() {
@@ -327,7 +327,7 @@
void mempcpy_unknown_size_warn (size_t n) {
char a[4];
- void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}}
+ void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
clang_analyzer_eval(result == a); // no-warning (above is fatal)
}
Index: clang/test/Analysis/bsd-string.c
===================================================================
--- clang/test/Analysis/bsd-string.c
+++ clang/test/Analysis/bsd-string.c
@@ -33,11 +33,11 @@
}
void f4() {
- strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}}
+ strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
}
void f5() {
- strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}}
+ strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
}
void f6() {
Index: clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -290,9 +290,9 @@
SmallString<80> buf;
llvm::raw_svector_ostream OS(buf);
assert(CurrentFunctionDescription);
- OS << "Null pointer argument in call to " << CurrentFunctionDescription
- << ' ' << IdxOfArg << llvm::getOrdinalSuffix(IdxOfArg)
- << " parameter";
+ OS << "Null pointer passed as " << IdxOfArg
+ << llvm::getOrdinalSuffix(IdxOfArg) << " argument to "
+ << CurrentFunctionDescription;
emitNullArgBug(C, stateNull, S, OS.str());
}
@@ -1536,7 +1536,10 @@
bool ReturnEnd, bool IsBounded,
ConcatFnKind appendK,
bool returnPtr) const {
- CurrentFunctionDescription = "string copy function";
+ if (appendK == ConcatFnKind::none)
+ CurrentFunctionDescription = "string copy function";
+ else
+ CurrentFunctionDescription = "string concatenation function";
ProgramStateRef state = C.getState();
const LocationContext *LCtx = C.getLocationContext();
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
