================
@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext
&C, const CallEvent &Call,
C.addTransition(State);
}
+void CStringChecker::evalGetentropy(CheckerContext &C,
+ const CallEvent &Call, CharKind CK) const {
+ DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+ SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+ ProgramStateRef State = C.getState();
+ const LocationContext *LCtx = C.getLocationContext();
+ SValBuilder &Builder = C.getSValBuilder();
+ SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy);
+
+ SVal SizeVal = C.getSVal(Size.Expression);
+ QualType SizeTy = Size.Expression->getType();
+
+ ProgramStateRef StateZeroSize, StateNonZeroSize;
+ std::tie(StateZeroSize, StateNonZeroSize) =
+ assumeZero(C, State, SizeVal, SizeTy);
+
+ if (StateZeroSize) {
+ StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx,
+ Builder.makeZeroVal(C.getASTContext().IntTy));
+ C.addTransition(StateZeroSize);
+ return;
+ }
+
+ SVal Buff = C.getSVal(Buffer.Expression);
+ State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+ if (!State)
+ return;
+
+ QualType cmpTy = C.getSValBuilder().getConditionType();
+ ProgramStateRef bufferTooLong, bufferNotTooLong;
+ std::tie(bufferTooLong, bufferNotTooLong) = State->assume(
+ Builder
+ .evalBinOpNN(State, BO_GT, *SizeVal.getAs<NonLoc>(),
*MaxLength.getAs<NonLoc>(), cmpTy)
+ .castAs<DefinedOrUnknownSVal>());
+ if (bufferTooLong) {
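Review bot: The zero-size branch at `if (StateZeroSize) {` does not check that `StateNonZeroSize` is null, so (assuming `assumeZero` returns both states when neither can be ruled out) a size that is merely not known to be non-zero returns early. The null-buffer check and the 256-byte bound check on the non-zero path are then never reached for such calls. The binding is also made on `State` rather than `StateZeroSize`, which drops the size == 0 assumption from the state that receives the zero return value; I would write `if (StateZeroSize && !StateNonZeroSize) {` and start the binding with `StateZeroSize = StateZeroSize->BindExpr(`. Separately, `*SizeVal.getAs<NonLoc>()` dereferences the optional unchecked, which looks unsafe if the size is ever not a `NonLoc` at that point. The body of evalGetentropy continues beyond the quoted lines.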
----------------
steakhal wrote:
We would take this branch (and report `size is greater than 256`) if we could
not prove that it must be smaller than or equal to 256. We usually report
diagnostics if the error condition must be violated in a given execution path.
https://github.com/llvm/llvm-project/pull/83675