================ @@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext &C, const CallEvent &Call, C.addTransition(State); } +void CStringChecker::evalGetentropy(CheckerContext &C, + const CallEvent &Call, CharKind CK) const { + DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}}; + SizeArgExpr Size = {{Call.getArgExpr(1), 1}}; + ProgramStateRef State = C.getState(); + const LocationContext *LCtx = C.getLocationContext(); + SValBuilder &Builder = C.getSValBuilder(); + SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy); + + SVal SizeVal = C.getSVal(Size.Expression); + QualType SizeTy = Size.Expression->getType(); + + ProgramStateRef StateZeroSize, StateNonZeroSize; + std::tie(StateZeroSize, StateNonZeroSize) = + assumeZero(C, State, SizeVal, SizeTy); + + if (StateZeroSize) { + StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx, + Builder.makeZeroVal(C.getASTContext().IntTy)); + C.addTransition(StateZeroSize); + return; + } + + SVal Buff = C.getSVal(Buffer.Expression); + State = checkNonNull(C, StateNonZeroSize, Buffer, Buff); + if (!State) + return; + + QualType cmpTy = C.getSValBuilder().getConditionType(); + ProgramStateRef bufferTooLong, bufferNotTooLong; + std::tie(bufferTooLong, bufferNotTooLong) = State->assume( + Builder + .evalBinOpNN(State, BO_GT, *SizeVal.getAs<NonLoc>(), *MaxLength.getAs<NonLoc>(), cmpTy) + .castAs<DefinedOrUnknownSVal>()); + if (bufferTooLong) { + ErrorMessage Message; + llvm::raw_svector_ostream Os(Message); + Os << "size is greater than 256"; + emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, Message); ---------------- steakhal wrote:
```suggestion emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, "size is greater than 256"); ``` But actually, I don't think an "out of bounds" error is appropriate here; and the provided message could be rephrased to "the 'length' argument to 'getentropy' must be smaller than or equal to 256". This hints the user how to fix this. @haoNoQ WDYT of reporting this as an out-of-bounds access? https://github.com/llvm/llvm-project/pull/83675 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits