hokein created this revision.
hokein added a reviewer: gribozavr2.
Herald added a subscriber: xazax.hun.
Herald added a project: clang.
The check assumed the matched function call has 3 arguments, but the
matcher didn't guaranteed that.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D83301
Files:
clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
Index:
clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
===================================================================
---
clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
+++
clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
@@ -75,3 +75,8 @@
// despite v == 0.
memset(p, -1, v);
}
+
+void *memset(int);
+void NoCrash() {
+ memset(1);
+}
Index: clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
===================================================================
--- clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
+++ clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
@@ -20,11 +20,18 @@
namespace bugprone {
void SuspiciousMemsetUsageCheck::registerMatchers(MatchFinder *Finder) {
- // Note: void *memset(void *buffer, int fill_char, size_t byte_count);
+ // Match the standard memset:
+ // void *memset(void *buffer, int fill_char, size_t byte_count);
+ auto MemsetDecl =
+ functionDecl(hasName("::memset"),
+ hasParameter(0, hasType(pointerType(pointee(voidType())))),
+ hasParameter(1, hasType(isInteger())),
+ hasParameter(2, hasType(isInteger())));
+
// Look for memset(x, '0', z). Probably memset(x, 0, z) was intended.
Finder->addMatcher(
callExpr(
- callee(functionDecl(hasName("::memset"))),
+ callee(MemsetDecl),
hasArgument(1, characterLiteral(equals(static_cast<unsigned>('0')))
.bind("char-zero-fill")),
unless(
@@ -36,14 +43,14 @@
// Look for memset with an integer literal in its fill_char argument.
// Will check if it gets truncated.
- Finder->addMatcher(callExpr(callee(functionDecl(hasName("::memset"))),
+ Finder->addMatcher(callExpr(callee(MemsetDecl),
hasArgument(1,
integerLiteral().bind("num-fill")),
unless(isInTemplateInstantiation())),
this);
// Look for memset(x, y, 0) as that is most likely an argument swap.
Finder->addMatcher(
- callExpr(callee(functionDecl(hasName("::memset"))),
+ callExpr(callee(MemsetDecl),
unless(hasArgument(1, anyOf(characterLiteral(equals(
static_cast<unsigned>('0'))),
integerLiteral()))),
Index: clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
===================================================================
--- clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
+++ clang-tools-extra/test/clang-tidy/checkers/bugprone-suspicious-memset-usage.cpp
@@ -75,3 +75,8 @@
// despite v == 0.
memset(p, -1, v);
}
+
+void *memset(int);
+void NoCrash() {
+ memset(1);
+}
Index: clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
===================================================================
--- clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
+++ clang-tools-extra/clang-tidy/bugprone/SuspiciousMemsetUsageCheck.cpp
@@ -20,11 +20,18 @@
namespace bugprone {
void SuspiciousMemsetUsageCheck::registerMatchers(MatchFinder *Finder) {
- // Note: void *memset(void *buffer, int fill_char, size_t byte_count);
+ // Match the standard memset:
+ // void *memset(void *buffer, int fill_char, size_t byte_count);
+ auto MemsetDecl =
+ functionDecl(hasName("::memset"),
+ hasParameter(0, hasType(pointerType(pointee(voidType())))),
+ hasParameter(1, hasType(isInteger())),
+ hasParameter(2, hasType(isInteger())));
+
// Look for memset(x, '0', z). Probably memset(x, 0, z) was intended.
Finder->addMatcher(
callExpr(
- callee(functionDecl(hasName("::memset"))),
+ callee(MemsetDecl),
hasArgument(1, characterLiteral(equals(static_cast<unsigned>('0')))
.bind("char-zero-fill")),
unless(
@@ -36,14 +43,14 @@
// Look for memset with an integer literal in its fill_char argument.
// Will check if it gets truncated.
- Finder->addMatcher(callExpr(callee(functionDecl(hasName("::memset"))),
+ Finder->addMatcher(callExpr(callee(MemsetDecl),
hasArgument(1, integerLiteral().bind("num-fill")),
unless(isInTemplateInstantiation())),
this);
// Look for memset(x, y, 0) as that is most likely an argument swap.
Finder->addMatcher(
- callExpr(callee(functionDecl(hasName("::memset"))),
+ callExpr(callee(MemsetDecl),
unless(hasArgument(1, anyOf(characterLiteral(equals(
static_cast<unsigned>('0'))),
integerLiteral()))),
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
