================
@@ -2516,6 +2518,47 @@ void CStringChecker::evalSprintfCommon(CheckerContext &C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+                                    const CallEvent &Call) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  constexpr int BufferMaxSize = 256;
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+      assumeZero(C, State, SizeVal, SizeTy);
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+    return;
+
+  State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write);
+  if (!State)
+    return;
+
+  auto SizeLoc = SizeVal.getAs<nonloc::ConcreteInt>();
+  auto size = SizeLoc->getValue().getExtValue();
+
+  if (size > BufferMaxSize) {
+    ErrorMessage Message;
+    llvm::raw_svector_ostream Os(Message);
+    Os << " destination buffer size is greater than " << BufferMaxSize;
+    emitOutOfBoundsBug(C, StateNonZeroSize, Buffer.Expression, Message);
+    return;
+  }
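Review bot: The optional returned by `SizeVal.getAs<nonloc::ConcreteInt>()` is dereferenced unchecked on the next line (`SizeLoc->getValue()`), so a `getentropy` call whose length is symbolic rather than a constant would read an empty optional inside the analyzer. Fold the test into the condition and drop the separate `size` local: `if (SizeLoc && SizeLoc->getValue().getExtValue() > BufferMaxSize) {`. The over-256 report is also emitted on `StateNonZeroSize` rather than the `State` already refined by `checkNonNull` and `CheckBufferAccess`, which looks unintended. `StateZeroSize` is not used in the visible lines, so confirm that the zero-length path still gets a transition. The function body continues past the quoted hunk, so the last two points may be handled there.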
----------------
steakhal wrote:

Inside `checkBufferAccess` there should be a part where the `size-1` index is 
checked for buffers; thus it should cover the case you mentioned.

https://github.com/llvm/llvm-project/pull/83675