NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp:184
+ if (IsFix) {
+ if (Optional<std::string> SizeStr = getSizeExprAsString(Call, CallC, C)) {
+ renameFunctionFix(UseSafeFunctions ? "gets_s" : "fgets", Call, *Report);
----------------
Also, which is probably more important, you will never be able to provide a
fixit for the malloced memory case, because there may be multiple execution
paths that reach the current point with different size expressions (in fact,
not necessarily all of them are malloced).
Eg.:
```lang=c
char *x = 0;
char y[10];
if (coin()) {
x = malloc(20);
} else {
x = y;
}
gets(x);
```
If you suggest replacing `gets(x)` with `gets_s(x, 20)`, you'll still have a
buffer overflow on the else-branch on which `x` points to an array of 10 bytes.
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D69813/new/
https://reviews.llvm.org/D69813
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
