This is an archive of the discontinued LLVM Phabricator instance.

Differential D43928

[analyzer] Correctly measure array size in security.insecureAPI.strcpy
AcceptedPublic

Authored by leanil on Mar 1 2018, 12:19 AM.

Details

Reviewers
dcoughlin
xazax.hun
NoQ
george.karpenkov
Summary

This will handle those platforms that don't have 8-bit chars.
This is a follow up fix to review D41384, which has been committed since.

Diff Detail

Event Timeline

leanil created this revision.Mar 1 2018, 12:19 AM
Herald added a reviewer: george.karpenkov. · View Herald TranscriptMar 1 2018, 12:19 AM
Herald added subscribers: a.sidorin, rnkovacs, szepet. · View Herald Transcript
leanil updated this revision to Diff 136474.Mar 1 2018, 12:28 AM

getQuantity() returns a signed type

xazax.hun accepted this revision.Mar 1 2018, 5:48 AM

LGTM!

This revision is now accepted and ready to land.Mar 1 2018, 5:48 AM
NoQ added inline comments.Mar 1 2018, 9:20 AM
lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
517

I suggest not using auto here, because it makes it harder to understand integer promotions (potential overflows or sign extensions) in the comparison.

leanil added inline comments.Mar 2 2018, 6:22 AM
lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
517

That's true. Should it be CharUnits::QuantityType then?

NoQ added a comment.May 4 2018, 5:51 PM

Sorry, i completely forgot about this one :(

I think this patch needs lit tests, eg. tell the analyzer to analyze a simple strcpy() call on any -target with non-8-bit chars and see if it's still crashes or behaves incorrectly.

lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
517

I think you should still getQuantity(), and then explicitly cast it to a type that's compatible with String->getLength(), so that there were no implicit integer casts around >=.

Revision Contents

PathSize
lib/
StaticAnalyzer/
Checkers/
2 lines

Diff 136473

lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp

Show First 20 LinesShow All 508 Lines▼ Show 20 Linesvoid WalkAST::checkCall_strcpy(const CallExpr *CE, const FunctionDecl *FD) {
if (!checkCall_strCommon(CE, FD)) if (!checkCall_strCommon(CE, FD))
return; return;
const auto *Target = CE->getArg(0)->IgnoreImpCasts(), const auto *Target = CE->getArg(0)->IgnoreImpCasts(),
*Source = CE->getArg(1)->IgnoreImpCasts(); *Source = CE->getArg(1)->IgnoreImpCasts();
if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target)) if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target))
if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) { if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) {
uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8; uint64_t ArraySize = BR.getContext().getTypeSizeInChars(Array).getQuantity();
NoQUnsubmitted
Not Done
ReplyInline Actions

I suggest not using auto here, because it makes it harder to understand integer promotions (potential overflows or sign extensions) in the comparison.

NoQ: I suggest not using `auto` here, because it makes it harder to understand integer promotions…
leanilAuthorUnsubmitted
Not Done
ReplyInline Actions

That's true. Should it be CharUnits::QuantityType then?

leanil: That's true. Should it be `CharUnits::QuantityType` then?
NoQUnsubmitted
Not Done
ReplyInline Actions

I think you should still getQuantity(), and then explicitly cast it to a type that's compatible with String->getLength(), so that there were no implicit integer casts around >=.

NoQ: I think you should still `getQuantity()`, and then explicitly cast it to a type that's…
if (const auto *String = dyn_cast<StringLiteral>(Source)) { if (const auto *String = dyn_cast<StringLiteral>(Source)) {
if (ArraySize >= String->getLength() + 1) if (ArraySize >= String->getLength() + 1)
return; return;
} }
} }
// Issue a warning. // Issue a warning.
PathDiagnosticLocation CELoc = PathDiagnosticLocation CELoc =
▲ Show 20 LinesShow All 263 LinesShow Last 20 Lines