maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[clang-tidy] Detect bugs in bugprone-misplaced-operator-in-strlen-in-alloc even in the case the allocation function is called using a constant function pointer 

Detect bugs even if a function of the malloc() family is called using a constant pointer.

llvm-svn: 318913
This commit is contained in:
Adam Balogh 2017-11-23 13:12:25 +00:00
parent 0857ca489e
commit cb58b2bb81
3 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
clang-tools-extra/clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
View File

@ -49,10 +49,23 @@ void MisplacedOperatorInStrlenInAllocCheck::registerMatchers(
functionDecl(anyOf(hasName("::calloc"), hasName("std::calloc"), functionDecl(anyOf(hasName("::calloc"), hasName("std::calloc"),
hasName("::realloc"), hasName("std::realloc"))); hasName("::realloc"), hasName("std::realloc")));
Finder->addMatcher( const auto Alloc0FuncPtr =
callExpr(callee(Alloc0Func), hasArgument(0, BadArg)).bind("Alloc"), this); varDecl(hasType(isConstQualified()),
Finder->addMatcher( hasInitializer(ignoringParenImpCasts(
callExpr(callee(Alloc1Func), hasArgument(1, BadArg)).bind("Alloc"), this); declRefExpr(hasDeclaration(Alloc0Func)))));
const auto Alloc1FuncPtr =
varDecl(hasType(isConstQualified()),
hasInitializer(ignoringParenImpCasts(
declRefExpr(hasDeclaration(Alloc1Func)))));
Finder->addMatcher(callExpr(callee(decl(anyOf(Alloc0Func, Alloc0FuncPtr))),
hasArgument(0, BadArg))
.bind("Alloc"),
this);
Finder->addMatcher(callExpr(callee(decl(anyOf(Alloc1Func, Alloc1FuncPtr))),
hasArgument(1, BadArg))
.bind("Alloc"),
this);
Finder->addMatcher( Finder->addMatcher(
cxxNewExpr(isArray(), hasArraySize(BadArg)).bind("Alloc"), this); cxxNewExpr(isArray(), hasArraySize(BadArg)).bind("Alloc"), this);
} }

8
clang-tools-extra/docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
View File

@ -7,9 +7,11 @@ Finds cases where ``1`` is added to the string in the argument to ``strlen()``,
``strnlen()``, ``strnlen_s()``, ``wcslen()``, ``wcsnlen()``, and ``wcsnlen_s()`` ``strnlen()``, ``strnlen_s()``, ``wcslen()``, ``wcsnlen()``, and ``wcsnlen_s()``
instead of the result and the value is used as an argument to a memory instead of the result and the value is used as an argument to a memory
allocation function (``malloc()``, ``calloc()``, ``realloc()``, ``alloca()``) or allocation function (``malloc()``, ``calloc()``, ``realloc()``, ``alloca()``) or
the ``new[]`` operator in `C++`. Cases where ``1`` is added both to the the ``new[]`` operator in `C++`. The check detects error cases even if one of
parameter and the result of the ``strlen()``-like function are ignored, as are these functions (except the ``new[]`` operator) is called by a constant function
cases where the whole addition is surrounded by extra parentheses. pointer. Cases where ``1`` is added both to the parameter and the result of the
``strlen()``-like function are ignored, as are cases where the whole addition is
surrounded by extra parentheses.
`C` example code: `C` example code:

8
clang-tools-extra/test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
View File

@ -75,3 +75,11 @@ void intentional3(char *name) {
// CHECK-MESSAGES-NOT: :[[@LINE-1]]:28: warning: addition operator is applied to the argument of strlen // CHECK-MESSAGES-NOT: :[[@LINE-1]]:28: warning: addition operator is applied to the argument of strlen
// If expression is in extra parentheses, consider it as intentional // If expression is in extra parentheses, consider it as intentional
} }
void (*(*const alloc_ptr)(size_t)) = malloc;
void bad_indirect_alloc(char *name) {
char *new_name = (char *)alloc_ptr(strlen(name + 1));
// CHECK-MESSAGES: :[[@LINE-1]]:28: warning: addition operator is applied to the argument of strlen
// CHECK-FIXES: {{^ char \*new_name = \(char \*\)alloc_ptr\(}}strlen(name) + 1{{\);$}}
}