Index: lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
+++ lib/StaticAnalyzer/Checkers/CStringSyntaxChecker.cpp
@@ -147,7 +147,7 @@
 const Expr *DstArg = CE->getArg(0);
 const Expr *LenArg = CE->getArg(2);
- const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenCasts());
+ const auto *DstArgDecl = dyn_cast(DstArg->IgnoreParenImpCasts());
 const auto *LenArgDecl = dyn_cast(LenArg->IgnoreParenLValueCasts());
 // - size_t dstlen = sizeof(dst)
 if (LenArgDecl) {
@@ -159,14 +159,15 @@
 // - integral value
 // We try to figure out if the last argument is possibly longer
 // than the destination can possibly handle if its size can be defined
- if (const auto *IL = dyn_cast(LenArg->IgnoreParenCasts())) {
+ if (const auto *IL = dyn_cast(LenArg->IgnoreParenImpCasts())) {
 uint64_t ILRawVal = IL->getValue().getZExtValue();
- if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) {
- ASTContext &C = BR.getContext();
- uint64_t Usize = C.getTypeSizeInChars(DstArg->getType()).getQuantity();
- uint64_t BufferLen = BR.getContext().getTypeSize(Buffer) / Usize;
- if (BufferLen < ILRawVal)
- return true;
+ if (DstArgDecl) {
+ if (const auto *Buffer = dyn_cast(DstArgDecl->getType())) {
+ ASTContext &C = BR.getContext();
+ uint64_t BufferLen = C.getTypeSize(Buffer) / 8;
+ if (BufferLen < ILRawVal)
+ return true;
+ }
 }
 }
Index: test/Analysis/cstring-syntax.c
===================================================================
--- test/Analysis/cstring-syntax.c
+++ test/Analysis/cstring-syntax.c
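Review bot: With `DstArg->IgnoreParenImpCasts()` an explicit cast on the destination, e.g. `strlcpy((char *)dest, src, 20)`, is no longer looked through, so `DstArgDecl` presumably comes back null and the length comparison is skipped without a report; the `IL` match on `LenArg->IgnoreParenImpCasts()` in the second hunk has the same effect for a cast literal such as `(size_t)20`. For a checker that exists to catch oversized copy lengths this is a quiet false negative, and neither test hunk covers it. If it is intended, a comment on the line such as `// Explicit casts are not looked through; such destinations are left unchecked.` plus one test line per form would record the limit. The enclosing function starts and ends outside the hunk.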
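Review bot: `C.getTypeSize(Buffer) / 8` in the second hunk hard-codes eight bits per byte; `uint64_t BufferLen = C.getTypeSizeInChars(Buffer).getQuantity();` yields the byte count directly and drops the magic number. Separately, when `DstArgDecl` is null the new guard skips the comparison entirely, so as far as the visible lines show, an oversized literal length on a destination that is not a plain variable reference goes unreported. A `// FIXME: destinations that are not a direct variable reference (e.g. dest + N) are not size-checked.` above `if (DstArgDecl) {` would make that limit visible to the next maintainer. The enclosing function continues past the hunk.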
@@ -1,4 +1,7 @@
 // RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
+// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
+// RUN: %clang_analyze_cc1 -triple aarch64_be-none-linux-gnu -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
 typedef __SIZE_TYPE__ size_t;
 char *strncat(char *, const char *, size_t);
@@ -27,4 +30,5 @@
 strlcpy(dest, src, 20); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}}
 strlcpy(dest, src, badlen); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}}
 strlcpy(dest, src, ulen);
+ strlcpy(dest + 5, src, 5);
 }
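Review bot: The added `strlcpy(dest + 5, src, 5);` in the second hunk carries no expectation, so it only pins that the checker stays silent and does not crash on a destination that is not a plain variable reference. It says nothing about a length that is too large for the space left after the offset. I would mark the line `// no-crash` and add a companion such as `strlcpy(dest + 5, src, 20); // FIXME: not diagnosed, offset destinations are skipped`, so the known gap is recorded next to the cases that do warn. The test function's body starts outside the hunk.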