[Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs

[cvs-commit at gcc dot gnu.org via Gcc-bugs]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:0ae07a7203dd24f90e49d025046e61ef90a9fd18

commit r14-3463-g0ae07a7203dd24f90e49d025046e61ef90a9fd18
Author: David Malcolm <dmalc...@redhat.com>
Date:   Thu Aug 24 10:24:38 2023 -0400

    analyzer: reimplement kf_strcpy [PR105899]

    This patch reimplements the analyzer's implementation of strcpy using
    the region_model::scan_for_null_terminator infrastructure, so that e.g.
    it can complain about out-of-bounds reads/writes, unterminated strings,
    etc.

    gcc/analyzer/ChangeLog:
            PR analyzer/105899
            * kf.cc (kf_strcpy::impl_call_pre): Reimplement using
            check_for_null_terminated_string_arg.
            * region-model.cc (region_model::get_store_bytes): Shortcut
            reading all of a string_region.
            (region_model::scan_for_null_terminator): Use get_store_value for
            the bytes rather than "unknown" when returning an unknown length.
            (region_model::write_bytes): New.
            * region-model.h (region_model::write_bytes): New decl.

    gcc/testsuite/ChangeLog:
            PR analyzer/105899
            * gcc.dg/analyzer/out-of-bounds-diagram-16.c: New test.
            * gcc.dg/analyzer/strcpy-1.c: Add test coverage.
            * gcc.dg/analyzer/strcpy-3.c: Likewise.
            * gcc.dg/analyzer/strcpy-4.c: New test.

    Signed-off-by: David Malcolm <dmalc...@redhat.com>