if (!N)
return nullptr;
+ CheckName Name;
+ // These checks are either enabled by the CString out-of-bounds checker
+ // explicitly or the "basic" CStringNullArg checker support that Malloc
+ // checker enables.
+ assert(Filter.CheckCStringOutOfBounds || Filter.CheckCStringNullArg);
+ if (Filter.CheckCStringOutOfBounds)
+ Name = Filter.CheckNameCStringOutOfBounds;
+ else
+ Name = Filter.CheckNameCStringNullArg;
+
if (!BT_Bounds) {
BT_Bounds.reset(new BuiltinBug(
- Filter.CheckNameCStringOutOfBounds, "Out-of-bound array access",
+ Name, "Out-of-bound array access",
"Byte string function accesses out-of-bound array element"));
}
BuiltinBug *BT = static_cast<BuiltinBug*>(BT_Bounds.get());
size_t strlen(const char *);
char *strcpy(char *restrict, const char *restrict);
+char *strncpy(char *dst, const char *src, size_t n);
void *memcpy(void *dst, const void *src, size_t n);
typedef unsigned long __darwin_pthread_key_t;
free((void *)fnptr); // expected-warning {{Argument to free() is a function pointer}}
}
+// Enabling the malloc checker enables some of the buffer-checking portions
+// of the C-string checker.
+void cstringchecker_bounds_nocrash() {
+ char *p = malloc(2);
+ strncpy(p, "AAA", sizeof("AAA")); // expected-warning {{Size argument is greater than the length of the destination buffer}}
+
+ free(p);
+}
+
// ----------------------------------------------------------------------------
// False negatives.
projects / platform / upstream / llvm.git / commitdiff