review.tizen.org Git - platform/upstream/llvm.git/commit

author	Ella Ma <alansnape3058@gmail.com>
	Thu, 8 Jun 2023 12:22:58 +0000 (20:22 +0800)
committer	Ella Ma <alansnape3058@gmail.com>
	Mon, 3 Jul 2023 08:13:47 +0000 (16:13 +0800)
commit	1bd2d335b649f2e09d7e4bdd0b92c78489ded022
tree	180bb9e989b2d89663b4dcb4aabc165f7b8c97b9	tree \| snapshot
parent	280d163887eade88bb9c2c300337b0bc414d6301	commit \| diff

[analyzer][CStringChecker] Adjust the invalidation operation on the super region of the destination buffer during string copy

Fixing GitHub issue: https://github.com/llvm/llvm-project/issues/55019
Following the previous fix https://reviews.llvm.org/D12571 on issue https://github.com/llvm/llvm-project/issues/23328

The two issues report false memory leaks after calling string-copy APIs with a buffer field in an object as the destination.
The buffer invalidation incorrectly drops the assignment to a heap memory block when no overflow problems happen.
And the pointer of the dropped assignment is declared in the same object of the destination buffer.

The previous fix only considers the `memcpy` functions whose copy length is available from arguments.
In this issue, the copy length is inferable from the buffer declaration and string literals being copied.
Therefore, I have adjusted the previous fix to reuse the copy length computed before.

Besides, for APIs that never overflow (strsep) or we never know whether they can overflow (std::copy),
new invalidation operations have been introduced to inform CStringChecker::InvalidateBuffer whether or not to
invalidate the super region that encompasses the destination buffer.

Reviewed By: steakhal

Differential Revision: https://reviews.llvm.org/D152435

clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp		diff \| blob \| history
clang/test/Analysis/Inputs/system-header-simulator.h		diff \| blob \| history
clang/test/Analysis/issue-55019.cpp	[new file with mode: 0644]	blob
clang/test/Analysis/pr22954.c		diff \| blob \| history