[analyzer] [PR39792] false positive on strcpy targeting struct members

author George Karpenkov <ekarpenkov@apple.com>

Mon, 14 Jan 2019 18:54:48 +0000 (18:54 +0000)

committer George Karpenkov <ekarpenkov@apple.com>

Mon, 14 Jan 2019 18:54:48 +0000 (18:54 +0000)
author George Karpenkov <ekarpenkov@apple.com>
Mon, 14 Jan 2019 18:54:48 +0000 (18:54 +0000)
committer George Karpenkov <ekarpenkov@apple.com>
Mon, 14 Jan 2019 18:54:48 +0000 (18:54 +0000)
diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp

index 4a73810..163ca9d 100644 (file)
--- a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -651,14 +651,14 @@ void WalkAST::checkCall_strcpy(const CallExpr *CE, const FunctionDecl *FD) {
  
    const auto *Target = CE->getArg(0)->IgnoreImpCasts(),
               *Source = CE->getArg(1)->IgnoreImpCasts();
-  if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target))
-    if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) {
-      uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8;
-      if (const auto *String = dyn_cast<StringLiteral>(Source)) {
-        if (ArraySize >= String->getLength() + 1)
-          return;
-      }
+
+  if (const auto *Array = dyn_cast<ConstantArrayType>(Target->getType())) {
+    uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8;
+    if (const auto *String = dyn_cast<StringLiteral>(Source)) {
+      if (ArraySize >= String->getLength() + 1)
+        return;
      }
+  }
  
    // Issue a warning.
    PathDiagnosticLocation CELoc =
diff --git a/clang/test/Analysis/security-syntax-checks.m b/clang/test/Analysis/security-syntax-checks.m

index 2c56972..1fd00df 100644 (file)
--- a/clang/test/Analysis/security-syntax-checks.m
+++ b/clang/test/Analysis/security-syntax-checks.m
@@ -177,6 +177,11 @@ void test_strcpy_safe() {
    strcpy(x, "abcd");
  }
  
+void test_strcpy_safe_2() {
+  struct {char s1[100];} s;
+  strcpy(s.s1, "hello");
+}
+
  //===----------------------------------------------------------------------===
  // strcat()
  //===----------------------------------------------------------------------===
author	George Karpenkov <ekarpenkov@apple.com>
	Mon, 14 Jan 2019 18:54:48 +0000 (18:54 +0000)
committer	George Karpenkov <ekarpenkov@apple.com>
	Mon, 14 Jan 2019 18:54:48 +0000 (18:54 +0000)
clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp		patch \| blob \| history
clang/test/Analysis/security-syntax-checks.m		patch \| blob \| history