[analyzer] Don't flag strcpy of string literals into sufficiently large buffers.

Description

In the security package, we have a simple syntactic check that warns about
strcpy() being insecure, due to potential buffer overflows.

Suppress that check's warning in the trivial situation when the source is an
immediate null-terminated string literal and the target is an immediate
sufficiently large buffer.

Patch by András Leitereg!

Differential Revision: https://reviews.llvm.org/D41384
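
The three situations the commit message distinguishes, as an added example that is not taken from the commit or the LLVM tree. `LITERAL_FITS`, the function names and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* sizeof on a string literal counts its terminating NUL, so this expresses
   "sufficiently large buffer" at compile time. LITERAL_FITS is a
   hypothetical helper for this example, not part of the analyzer. */
#define LITERAL_FITS(buf, lit) (sizeof(lit) <= sizeof(buf))

/* Case 1: an immediate literal copied into an immediate array that can
   hold it. This is the pattern the commit message exempts. */
size_t copy_literal(void) {
    char name[16];
    _Static_assert(LITERAL_FITS(name, "analyzer"), "literal overflows name");
    strcpy(name, "analyzer");            /* 9 bytes into 16 */
    return strlen(name);
}

/* Case 2: the source is not a literal, so the condition in the commit
   message is not met and a raw strcpy() here would still be reported.
   Shown instead with a bounded copy that rejects input that does not fit. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;                       /* no room for the data plus NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Case 3 is left as a comment because executing it is undefined behaviour:
       char tag[4];
       strcpy(tag, "analyzer");   // literal source, but 9 bytes into 4
   The buffer is not sufficiently large, so the exemption does not apply. */
int literal_fits_small(void) {
    char tag[4];
    return LITERAL_FITS(tag, "analyzer");
}
```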

Details

Committed
dergachev, Jan 12 2018, 2:12 PM
Differential Revision
D41384: [analyzer] Suppress false positive warnings from security.insecureAPI.strcpy