
[analyzer] CStringChecker: Fix overly eager assumption that memcmp args overlap.

Authored by dergachev.a on Dec 10 2019, 6:23 PM.

Description

[analyzer] CStringChecker: Fix overly eager assumption that memcmp args overlap.

While analyzing code `memcmp(a, NULL, n);', where `a' has an unconstrained
symbolic value, the analyzer was emitting a warning about the *first* argument
being a null pointer, even though we'd rather have it warn about the *second*
argument.

This happens because CStringChecker first checks whether the two argument
buffers are in fact the same buffer, in order to take the fast path.
This boils down to assuming `a == NULL' to true. Then the subsequent check
for null pointer argument "discovers" that `a' is null.

Don't take the fast path unless we are *sure* that the buffers are the same.
Otherwise proceed as normal.

Differential Revision: https://reviews.llvm.org/D71322
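The decision the commit message describes (take the same-buffer fast path only when the buffers are definitely the same, not merely possibly the same) can be illustrated with a small constructed model. The following is an added example, not CStringChecker's code and not from the LLVM project: pointer symbols are modelled as sets of candidate values, `assume_equal` plays the role of the constraint manager splitting a state on `a == b`, and `check_non_null` plays the role of the null-argument check. The names, the `"buf"` placeholder value and the warning strings are assumptions made for the illustration.

```python
"""Toy model of the memcmp argument check discussed in D71322.

Constructed illustration only: a symbolic pointer is a set of candidate
values, and the string "NULL" stands for the null pointer.
"""

NULL = "NULL"


def assume_equal(state, x, y):
    """Split `state` on the constraint x == y.

    Returns (state_if_equal, state_if_not_equal); a branch is None when it is
    infeasible under the current constraints. Mirrors the pair of states the
    checker obtains when it asks whether the two buffers are the same.
    """
    common = state[x] & state[y]
    same = None
    if common:
        same = dict(state)
        same[x] = set(common)
        same[y] = set(common)

    not_same = None
    # "x != y" is infeasible only when both symbols are pinned to one equal value.
    if not (len(state[x]) == 1 and state[x] == state[y]):
        not_same = dict(state)
        if len(state[x]) == 1:
            not_same[y] = state[y] - state[x]
        if len(state[y]) == 1:
            not_same[x] = state[x] - state[y]
        if not not_same[x] or not not_same[y]:
            not_same = None
    return same, not_same


def check_non_null(state, arg, index, warnings):
    """Model of the null-argument check.

    If `arg` can only be NULL, record a warning about argument `index` and stop;
    otherwise continue on the state where NULL has been assumed away.
    """
    if state[arg] == {NULL}:
        warnings.append(f"null pointer passed as argument {index}")
        return None
    new = dict(state)
    new[arg] = state[arg] - {NULL}
    return new


def _check_both_args(state, warnings):
    state = check_non_null(state, "a", 1, warnings)
    if state is not None:
        check_non_null(state, "b", 2, warnings)


def memcmp_old(state):
    """Pre-fix logic: take the same-buffer fast path whenever it is merely feasible.

    With b == NULL this assumes a == NULL, so the later null check blames `a`.
    """
    warnings = []
    same, _not_same = assume_equal(state, "a", "b")
    if same is not None:
        state = same  # overly eager: a == b is now taken as true
    _check_both_args(state, warnings)
    return warnings


def memcmp_new(state):
    """Post-fix logic: take the fast path only when the buffers are definitely the same."""
    warnings = []
    same, not_same = assume_equal(state, "a", "b")
    if same is not None and not_same is None:
        state = same
    _check_both_args(state, warnings)
    return warnings


# Constructed initial state for `memcmp(a, NULL, n)`: `a` is unconstrained
# (it may be NULL or point at some buffer), the second argument is NULL.
INITIAL = {"a": {NULL, "buf"}, "b": {NULL}}

if __name__ == "__main__":
    print("before fix:", memcmp_old(INITIAL))
    print("after fix: ", memcmp_new(INITIAL))
```

Running the model shows the behaviour the message describes: the old logic reports argument 1, the new logic reports argument 2. With both arguments pinned to the same buffer, `assume_equal` finds the "not same" branch infeasible and the new logic still takes the fast path, so the fix only removes the unjustified assumption, not the optimisation.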