Index: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -740,7 +740,11 @@
 // Issue a warning. ArgIndex == -1: Deprecated but not unsafe (has size // restrictions).
 enum { DEPR_ONLY = -1, UNKNOWN_CALL = -2 };
+ StringRef Name = FD->getIdentifier()->getName();
+ if (Name.startswith("__builtin_"))
+ Name = Name.substr(10);
+ int ArgIndex = llvm::StringSwitch(Name) .Cases("scanf", "wscanf", "vscanf", "vwscanf", 0)
Index: test/Analysis/security-syntax-checks-no-emit.c
===================================================================
--- test/Analysis/security-syntax-checks-no-emit.c
+++ test/Analysis/security-syntax-checks-no-emit.c
@@ -1,4 +1,8 @@
-// RUN: %clang_analyze_cc1 -triple i686-pc-linux-gnu -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
+// RUN: %clang_analyze_cc1 -triple i686-pc-linux-gnu %s -verify \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
 // expected-no-diagnostics // This file complements 'security-syntax-checks.m', but tests that we omit
Index: test/Analysis/security-syntax-checks.c
===================================================================
--- /dev/null
+++ test/Analysis/security-syntax-checks.c
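Review bot: In the CheckSecuritySyntaxOnly.cpp hunk, `Name.substr(10)` hard-codes the length of the `"__builtin_"` literal tested on the line above, so the two can drift apart silently if either is edited. `Name.consume_front("__builtin_");` performs the test and the strip in one call and could replace both added lines. A one-line comment such as `// Builtin forms are reported under the plain library name.` would also record why the prefix is dropped. The enclosing function starts and ends outside the hunk, so whether `FD->getIdentifier()` is already known to be non-null at this point cannot be confirmed from here.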
@@ -0,0 +1,9 @@
+// RUN: %clang_analyze_cc1 %s -verify \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI
+
+void builtin_function_call_crash_fixes(char *c) {
+ __builtin_strncpy(c, "", 6); // expected-warning{{Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard.}}
+ __builtin_memset(c, '\0', (0)); // expected-warning{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard.}}
+ __builtin_memcpy(c, c, 0); // expected-warning{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard.}}
+}
Index: test/Analysis/security-syntax-checks.m
===================================================================
--- test/Analysis/security-syntax-checks.m
+++ test/Analysis/security-syntax-checks.m
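Review bot: The new test in security-syntax-checks.c has no negative case: it shows that three `__builtin_` calls are reported, but not that a builtin with no insecure counterpart stays silent once the prefix is stripped. A line such as `(void)__builtin_expect(0, 0); // no-warning` inside the function would pin that. The function name suggests these calls used to crash the checker, so a comment like `// Regression test: __builtin_ forms of these calls must be diagnosed, not crash.` above it would make the intent explicit.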
@@ -1,11 +1,48 @@
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DUSE_BUILTINS -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DUSE_BUILTINS -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DUSE_BUILTINS -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DUSE_BUILTINS -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -DUSE_BUILTINS \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -DVARIANT \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -DUSE_BUILTINS -DVARIANT \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -DUSE_BUILTINS \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -DVARIANT \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -DUSE_BUILTINS -DVARIANT \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
 #ifdef USE_BUILTINS
 # define BUILTIN(f) __builtin_ ## f
@@ -165,7 +202,7 @@
 void test_strcpy() { char x[4];
- char *y;
+ char *y = 0;
 strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119}}
 }
@@ -204,7 +241,7 @@
 void test_strcat() { char x[4];
- char *y;
+ char *y = 0;
 strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119}}
 }
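Review bot: In the test_strcpy hunk, `char *y = 0;` replaces an uninitialised pointer with a null one, so the test now passes a null source to `strcpy`; the same pattern appears in the test_strcat hunk and in the `int a = 0;` / `FILE *file = 0;` hunks for test_deprecated_or_unsafe_buffer_handling_1, _2 and _3. Presumably the initialisers were added because the RUN lines now enable `core`, which would otherwise report the uninitialised arguments, but under `-verify` a null-argument diagnostic would fail the test just the same if the prototypes (outside these hunks) carry a nonnull annotation. Taking the value as a parameter, e.g. `void test_strcpy(char *y) {`, avoids both cases; failing that, a comment such as `// Initialised only to keep the core checkers quiet.` would explain the change.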
@@ -274,8 +311,8 @@
 void test_deprecated_or_unsafe_buffer_handling_1() { char buf [5]; wchar_t wbuf [5];
- int a;
- FILE *file;
+ int a = 0;
+ FILE *file = 0;
 sprintf(buf, "a"); // expected-warning{{Call to function 'sprintf' is insecure}}
 scanf("%d", &a); // expected-warning{{Call to function 'scanf' is insecure}}
 scanf("%s", buf); // expected-warning{{Call to function 'scanf' is insecure}}
@@ -300,7 +337,7 @@
 void test_deprecated_or_unsafe_buffer_handling_2(const char *format, ...) { char buf [5];
- FILE *file;
+ FILE *file = 0;
 va_list args; va_start(args, format); vsprintf(buf, format, args); // expected-warning{{Call to function 'vsprintf' is insecure}}
@@ -312,7 +349,7 @@
 void test_deprecated_or_unsafe_buffer_handling_3(const wchar_t *format, ...) { wchar_t wbuf [5];
- FILE *file;
+ FILE *file = 0;
 va_list args; va_start(args, format); vwscanf(format, args); // expected-warning{{Call to function 'vwscanf' is insecure}}