etienneb added a comment. In http://reviews.llvm.org/D18783#393367, @LegalizeAdulthood wrote:
> There are some APIs where a series of strings are passed as a single `char *` > with NUL separators between the strings and the last string is indicated by > two NUL characters in a row. For instance, see the MSDN documentation > <https://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx> > for the `lpDependencies` argument to `CreateService` > <https://msdn.microsoft.com/en-us/library/windows/desktop/ms682450(v=vs.85).aspx>. > Such strings literals in the code look like: > > LPCTSTR dependencies = _T("one\0two\0three\0four\0"); > > > I don't see any annotation on this argument in `<winsvc.h>` where this > function is declared, so there's no hint from the header about this argument. > In this case, the biggest mistake people make is omitting the final NUL > character, thinking that the `\0` acts as a string separator and not a > terminator: > > LPCTSTR dependencies = _T("one\0two\0three\0four"); > > > If you're lucky this results in a crash right away. If you're unlucky the > compiler placed this constant in an area of memory with zero padding and it > works by accident on your machine until it ships to a customer and then > breaks on their machine mysteriously. > > I was never a fan of these magic string array arguments and they mostly > appear in the older portions of the Win32 API, but they are there > nonetheless. I would hate for this check to signal a bunch of false > positives on such strings. I know about these kind functions, and they are not covered by the current state of this check. The current check only apply if there is a conversion from char* -> std::string (implicit constructor). For now, I want to keep the false-positive ratio low. I made a prototype to detect instances passed to 'func(char*)' but there are too many false-positives. http://reviews.llvm.org/D18783 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits