================
@@ -2515,6 +2518,57 @@ void CStringChecker::evalSprintfCommon(CheckerContext &C, const CallEvent &Call,
 C.addTransition(State);
 }
+void CStringChecker::evalGetentropy(CheckerContext &C,
+ const CallEvent &Call, CharKind CK) const {
+ DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+ SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+ ProgramStateRef State = C.getState();
+ const LocationContext *LCtx = C.getLocationContext();
+ SValBuilder &Builder = C.getSValBuilder();
+ SVal MaxLength = Builder.makeIntVal(256, C.getASTContext().IntTy);
+
+ SVal SizeVal = C.getSVal(Size.Expression);
+ QualType SizeTy = Size.Expression->getType();
+
+ ProgramStateRef StateZeroSize, StateNonZeroSize;
+ std::tie(StateZeroSize, StateNonZeroSize) =
+ assumeZero(C, State, SizeVal, SizeTy);
+
+ if (StateZeroSize) {
+ StateZeroSize = State->BindExpr(Call.getOriginExpr(), LCtx,
+ Builder.makeZeroVal(C.getASTContext().IntTy));
+ C.addTransition(StateZeroSize);
+ return;
+ }
+
+ SVal Buff = C.getSVal(Buffer.Expression);
+ State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+ if (!State)
+ return;
+
+ QualType cmpTy = C.getSValBuilder().getConditionType();
+ ProgramStateRef bufferTooLong, bufferNotTooLong;
+ std::tie(bufferTooLong, bufferNotTooLong) = State->assume(
+ Builder
+ .evalBinOpNN(State, BO_GT, *SizeVal.getAs<NonLoc>(), *MaxLength.getAs<NonLoc>(), cmpTy)
+ .castAs<DefinedOrUnknownSVal>());
+ if (bufferTooLong) {
----------------
steakhal wrote:
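Review bot: The `if (StateZeroSize)` guard is taken whenever a zero size is merely feasible, so if `assumeZero` returns both states for an unconstrained size (as `assume` normally does), every such call is modelled as returning 0 and the path never reaches `checkNonNull` or the 256-byte bound check. The early return should be limited to the case where the size is known to be zero, `if (StateZeroSize && !StateNonZeroSize) {`, and the binding should start from the constrained state, `StateZeroSize = StateZeroSize->BindExpr(...)`, since `State->BindExpr` drops the zero-size assumption. Further down, `*SizeVal.getAs<NonLoc>()` is dereferenced without a check; if the size can be unknown or undefined at that point the optional is empty, so it is worth returning early when the cast fails. The body of `evalGetentropy` continues past the quoted lines, so later handling is not visible here.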
We would take this branch (and report `size is greater than 256`) if we could not prove that it must be smaller than or equal to 256. We usually report diagnostics if the error condition must be violated in a given execution path.

https://github.com/llvm/llvm-project/pull/83675
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits