[clang] [clang][StaticAnalyzer] Adding getentropy to CStringChecker. (PR #83675)

[Balazs Benics via cfe-commits]

================
@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext 
&C, const CallEvent &Call,
   C.addTransition(State);
 }
 
+void CStringChecker::evalGetentropy(CheckerContext &C,
+                                    const CallEvent &Call, CharKind CK) const {
+  DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+  SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+  ProgramStateRef State = C.getState();
+  const LocationContext *LCtx = C.getLocationContext();
+  SValBuilder &Builder = C.getSValBuilder();
+  SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy);
+
+  SVal SizeVal = C.getSVal(Size.Expression);
+  QualType SizeTy = Size.Expression->getType();
+
+  ProgramStateRef StateZeroSize, StateNonZeroSize;
+  std::tie(StateZeroSize, StateNonZeroSize) =
+      assumeZero(C, State, SizeVal, SizeTy);
+
+  if (StateZeroSize) {
+    StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx,
+                              Builder.makeZeroVal(C.getASTContext().IntTy));
+    C.addTransition(StateZeroSize);
+    return;
+  }
+
+  SVal Buff = C.getSVal(Buffer.Expression);
+  State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+  if (!State)
+    return;
+
+  QualType cmpTy = C.getSValBuilder().getConditionType();
+  ProgramStateRef bufferTooLong, bufferNotTooLong;
+  std::tie(bufferTooLong, bufferNotTooLong) = State->assume(
+        Builder
+       .evalBinOpNN(State, BO_GT, *SizeVal.getAs<NonLoc>(), 
*MaxLength.getAs<NonLoc>(), cmpTy)
+       .castAs<DefinedOrUnknownSVal>());
+  if (bufferTooLong) {
+    ErrorMessage Message;
+    llvm::raw_svector_ostream Os(Message);
+    Os << "size is greater than 256";
+    emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, Message);
----------------
steakhal wrote:

```suggestion
    emitOutOfBoundsBug(C, bufferTooLong, Buffer.Expression, "size is greater 
than 256");
```

But actually, I don't think an "out of bounds" error is appropriate here; and 
the provided message could be rephrased to "the 'length' argument to 
'getentropy' must be smaller than or equal to 256". This hints the user how to 
fix this. @haoNoQ WDYT of reporting this as an out-of-bounds access?

https://github.com/llvm/llvm-project/pull/83675
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits