leanil updated this revision to Diff 127739.
leanil added a comment.
Move negative test next to the positive ones, because the necessary macros and
run-lines are already defined there.
https://reviews.llvm.org/D41384
Files:
lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
test/Analysis/security-syntax-checks.m
Index: test/Analysis/security-syntax-checks.m
===================================================================
--- test/Analysis/security-syntax-checks.m
+++ test/Analysis/security-syntax-checks.m
@@ -146,6 +146,11 @@
strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as
it does not provide bounding of the memory buffer. Replace unbounded copy
functions with analogous functions that support length arguments such as
'strlcpy'. CWE-119}}
}
+void test_strcpy_safe() {
+ char x[5];
+ strcpy(x, "abcd");
+}
+
//===----------------------------------------------------------------------===
// strcat()
//===----------------------------------------------------------------------===
Index: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -510,6 +510,18 @@
if (!checkCall_strCommon(CE, FD))
return;
+ int ArraySize = -1, StrLen = -1;
+ const auto *Target = CE->getArg(0)->IgnoreImpCasts(),
+ *Source = CE->getArg(1)->IgnoreImpCasts();
+ if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target))
+ if (const auto *Array = dyn_cast<ConstantArrayType>(
+ DeclRef->getDecl()->getType().getTypePtr()))
+ ArraySize = Array->getSize().getLimitedValue();
+ if (const auto *String = dyn_cast<StringLiteral>(Source))
+ StrLen = String->getLength();
+ if (StrLen != -1 && ArraySize >= StrLen + 1)
+ return;
+
// Issue a warning.
PathDiagnosticLocation CELoc =
PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC);
Index: test/Analysis/security-syntax-checks.m
===================================================================
--- test/Analysis/security-syntax-checks.m
+++ test/Analysis/security-syntax-checks.m
@@ -146,6 +146,11 @@
strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119}}
}
+void test_strcpy_safe() {
+ char x[5];
+ strcpy(x, "abcd");
+}
+
//===----------------------------------------------------------------------===
// strcat()
//===----------------------------------------------------------------------===
Index: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -510,6 +510,18 @@
if (!checkCall_strCommon(CE, FD))
return;
+ int ArraySize = -1, StrLen = -1;
+ const auto *Target = CE->getArg(0)->IgnoreImpCasts(),
+ *Source = CE->getArg(1)->IgnoreImpCasts();
+ if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target))
+ if (const auto *Array = dyn_cast<ConstantArrayType>(
+ DeclRef->getDecl()->getType().getTypePtr()))
+ ArraySize = Array->getSize().getLimitedValue();
+ if (const auto *String = dyn_cast<StringLiteral>(Source))
+ StrLen = String->getLength();
+ if (StrLen != -1 && ArraySize >= StrLen + 1)
+ return;
+
// Issue a warning.
PathDiagnosticLocation CELoc =
PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC);
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
