llvm-project/clang/test/Analysis/cstring-syntax.c

// RUN: %clang_cc1 -analyze -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s

typedef __SIZE_TYPE__ size_t;
char  *strncat(char *, const char *, size_t);
size_t strlen (const char *s);

void testStrncat(const char *src) {
  char dest[10];
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
  strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}
}
Turn on strncat-size warning implemented a while ago. Warns on anti-patterns/typos in the 'size' argument to strncat. The correct size argument should look like the following: - strncat(dst, src, sizeof(dst) - strlen(dest) - 1); We warn on: - sizeof(dst) - sizeof(src) - sizeof(dst) - strlen(dst) - sizeof(src) - anything (This has been implemented in void Sema::CheckStrncatArguments().) llvm-svn: 161440 2012-08-08 02:36:58 +08:00			`// RUN: %clang_cc1 -analyze -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00
			`typedef __SIZE_TYPE__ size_t;`
			`char strncat(char , const char *, size_t);`
			`size_t strlen (const char *s);`

			`void testStrncat(const char *src) {`
			`char dest[10];`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`}`