leanil updated this revision to Diff 129465. leanil added a comment. Change result types to match the query return types.
https://reviews.llvm.org/D41384 Files: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp test/Analysis/security-syntax-checks.m Index: test/Analysis/security-syntax-checks.m =================================================================== --- test/Analysis/security-syntax-checks.m +++ test/Analysis/security-syntax-checks.m @@ -146,6 +146,11 @@ strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119}} } +void test_strcpy_safe() { + char x[5]; + strcpy(x, "abcd"); +} + //===----------------------------------------------------------------------=== // strcat() //===----------------------------------------------------------------------=== Index: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp +++ lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp @@ -510,6 +510,22 @@ if (!checkCall_strCommon(CE, FD)) return; + unsigned long long ArraySize = 0; + unsigned StrLen; + bool StrLenFound = false; + const auto *Target = CE->getArg(0)->IgnoreImpCasts(), + *Source = CE->getArg(1)->IgnoreImpCasts(); + if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target)) + if (const auto *Array = dyn_cast<ConstantArrayType>( + DeclRef->getDecl()->getType().getTypePtr())) + ArraySize = Array->getSize().getLimitedValue(); + if (const auto *String = dyn_cast<StringLiteral>(Source)) { + StrLen = String->getLength(); + StrLenFound = true; + } + if (StrLenFound && ArraySize >= StrLen + 1) + return; + // Issue a warning. PathDiagnosticLocation CELoc = PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC);
Index: test/Analysis/security-syntax-checks.m =================================================================== --- test/Analysis/security-syntax-checks.m +++ test/Analysis/security-syntax-checks.m @@ -146,6 +146,11 @@ strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119}} } +void test_strcpy_safe() { + char x[5]; + strcpy(x, "abcd"); +} + //===----------------------------------------------------------------------=== // strcat() //===----------------------------------------------------------------------=== Index: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp =================================================================== --- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp +++ lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp @@ -510,6 +510,22 @@ if (!checkCall_strCommon(CE, FD)) return; + unsigned long long ArraySize = 0; + unsigned StrLen; + bool StrLenFound = false; + const auto *Target = CE->getArg(0)->IgnoreImpCasts(), + *Source = CE->getArg(1)->IgnoreImpCasts(); + if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target)) + if (const auto *Array = dyn_cast<ConstantArrayType>( + DeclRef->getDecl()->getType().getTypePtr())) + ArraySize = Array->getSize().getLimitedValue(); + if (const auto *String = dyn_cast<StringLiteral>(Source)) { + StrLen = String->getLength(); + StrLenFound = true; + } + if (StrLenFound && ArraySize >= StrLen + 1) + return; + // Issue a warning. PathDiagnosticLocation CELoc = PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC);
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits