forked from OSchip/llvm-project
[analyzer] Provide a check name when MallocChecker enables CStringChecker
Fix an assertion failure caused by a missing CheckName. The malloc checker enables "basic" support in the CStringChecker, which causes some CString bounds checks to be enabled. In this case, make sure that we have a valid CheckName for the BugType. llvm-svn: 323052
This commit is contained in:
parent
5829d8f1f7
commit
2ff57bcd18
|
@ -309,9 +309,19 @@ ProgramStateRef CStringChecker::CheckLocation(CheckerContext &C,
|
|||
if (!N)
|
||||
return nullptr;
|
||||
|
||||
CheckName Name;
|
||||
// These checks are either enabled by the CString out-of-bounds checker
|
||||
// explicitly or the "basic" CStringNullArg checker support that Malloc
|
||||
// checker enables.
|
||||
assert(Filter.CheckCStringOutOfBounds || Filter.CheckCStringNullArg);
|
||||
if (Filter.CheckCStringOutOfBounds)
|
||||
Name = Filter.CheckNameCStringOutOfBounds;
|
||||
else
|
||||
Name = Filter.CheckNameCStringNullArg;
|
||||
|
||||
if (!BT_Bounds) {
|
||||
BT_Bounds.reset(new BuiltinBug(
|
||||
Filter.CheckNameCStringOutOfBounds, "Out-of-bound array access",
|
||||
Name, "Out-of-bound array access",
|
||||
"Byte string function accesses out-of-bound array element"));
|
||||
}
|
||||
BuiltinBug *BT = static_cast<BuiltinBug*>(BT_Bounds.get());
|
||||
|
|
|
@ -32,6 +32,7 @@ typedef __typeof(sizeof(int)) size_t;
|
|||
size_t strlen(const char *);
|
||||
|
||||
char *strcpy(char *restrict, const char *restrict);
|
||||
char *strncpy(char *dst, const char *src, size_t n);
|
||||
void *memcpy(void *dst, const void *src, size_t n);
|
||||
|
||||
typedef unsigned long __darwin_pthread_key_t;
|
||||
|
|
|
@ -1777,6 +1777,15 @@ void freeFunctionPtr() {
|
|||
free((void *)fnptr); // expected-warning {{Argument to free() is a function pointer}}
|
||||
}
|
||||
|
||||
// Enabling the malloc checker enables some of the buffer-checking portions
|
||||
// of the C-string checker.
|
||||
void cstringchecker_bounds_nocrash() {
|
||||
char *p = malloc(2);
|
||||
strncpy(p, "AAA", sizeof("AAA")); // expected-warning {{Size argument is greater than the length of the destination buffer}}
|
||||
|
||||
free(p);
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------
|
||||
// False negatives.
|
||||
|
||||
|
|
Loading…
Reference in New Issue