Page MenuHomePhabricator

[clang] Evaluate strlen of strcpy argument for -Wfortify-source.

Authored by mbenfield on Jun 24 2021, 5:10 PM.


Diff Detail

Event Timeline

mbenfield requested review of this revision.Jun 24 2021, 5:10 PM
mbenfield created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJun 24 2021, 5:10 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript

Accommodate the fact that APSInt::toString(unsigned) was removed.

mbenfield updated this revision to Diff 357077.Jul 7 2021, 2:25 PM

fix failing tests

mbenfield updated this revision to Diff 358309.Jul 13 2021, 9:32 AM

undo commenting out in source_location.cpp

thanks for this! mostly just nits from me


Looks like this is the second "try to evaluate the call to this builtin function" API endpoint we have here (the other being for __builtin_object_size). IMO this isn't an issue, but if we need many more of these, it might be worth considering exposing a more general Expr::tryEvaluateBuiltinFunctionCall(APValue &, ASTContext &, BuiltinID, ArrayRef<Expr>) or similar.


nit: i'd rename this ComputeExplicitObjectSizeArgument


nit: would const Expr * work here? clang prefers to have const where possible


i expected ComputeCheckVariantSize to imply that the argument was to a _chk function, but these cases don't reference _chk functions (nor do we set IsChkVariant = true;). should this be calling ComputeSizeArgument instead?


same "shouldn't this be ComputeSizeArgument?' question


same question


for completeness and consistency, please include a case where this warning doesn't fire.

at the same time, it'd be nice to test for an off-by-one (which i believe is handled correctly by this patch already); maybe shorten src to "abcd" and have a test on char dst2[5]; that doesn't fire?

cjdb added a comment.Jul 15 2021, 11:05 AM

Thanks for getting around to this! Just a nit and a clarifying question.


Nit: s/null/NUL


This comment is slightly different to the RHS: does that mean that a diagnostic might not be issued?

mbenfield added inline comments.Jul 16 2021, 2:10 PM

I just didn't find the extra verbiage helpful. AFAICT this code could be used for purposes other than issuing a diagnostic, and a diagnostic could be issued after following either the fast or slow path, so it didn't make a lot of sense to me. But if you have a different preference for this comment let me know.

mbenfield added inline comments.Jul 16 2021, 3:15 PM

Maybe the name ComputeCheckVariantSize was misleading and it'll be more clear now that I'm changing the name, but these functions like strncat, the memcpys below, and snprintf, etc, all take an explicit size argument just like the _chk functions.

mbenfield updated this revision to Diff 359655.Jul 18 2021, 4:05 PM

Rebased and addressed comments.

  • Renamed ComputeCheckVariantSize.
  • const Expr *.
  • Changed existing test case to write only one excess byte.
  • Added new, non-diagnosing test case.

lgtm -- thanks!

please give a day for other reviewers to add any last minute comments, then i think we can land this.


ohh, gotcha. i was misinterpreting the relationship between IsChkVariant and SourceSize then -- thanks for the clarification!

This revision is now accepted and ready to land.Jul 20 2021, 9:51 AM
This revision was landed with ongoing or failed builds.Jul 28 2021, 1:53 PM
This revision was automatically updated to reflect the committed changes.