From: Jordy Rose Date: Sat, 4 Jun 2011 00:04:22 +0000 (+0000) Subject: [analyzer] Fix handling of "copy zero bytes" for memcpy and friends. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=22d27178bf795145439b9588e260ccceab79a088;p=clang [analyzer] Fix handling of "copy zero bytes" for memcpy and friends. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132607 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp index 0eec34a9b4..e40567c6c6 100644 --- a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp @@ -713,16 +713,13 @@ void CStringChecker::evalCopyCommon(CheckerContext &C, // If the size is zero, there won't be any actual memory access, so // just bind the return value to the destination buffer and return. if (stateZeroSize) { + stateZeroSize = stateZeroSize->BindExpr(CE, destVal); C.addTransition(stateZeroSize); - if (IsMempcpy) - state->BindExpr(CE, destVal); - else - state->BindExpr(CE, sizeVal); - return; } // If the size can be nonzero, we have to check the other arguments. if (stateNonZeroSize) { + state = stateNonZeroSize; // Ensure the destination is not null. If it is NULL there will be a // NULL pointer dereference. diff --git a/test/Analysis/bstring.c b/test/Analysis/bstring.c index d74be0ffce..de88e9ae6f 100644 --- a/test/Analysis/bstring.c +++ b/test/Analysis/bstring.c @@ -136,6 +136,18 @@ void memcpy13() { memcpy(a, 0, 0); // no-warning } +void memcpy_unknown_size (size_t n) { + char a[4], b[4] = {1}; + if (memcpy(a, b, n) != a) + (void)*(char*)0; // no-warning +} + +void memcpy_unknown_size_warn (size_t n) { + char a[4]; + if (memcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to byte string function}} + (void)*(char*)0; // no-warning +} + //===----------------------------------------------------------------------=== // mempcpy() //===----------------------------------------------------------------------=== @@ -246,6 +258,12 @@ void mempcpy13() { mempcpy(a, 0, 0); // no-warning } +void mempcpy_unknown_size_warn (size_t n) { + char a[4]; + if (mempcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to byte string function}} + (void)*(char*)0; // no-warning +} + //===----------------------------------------------------------------------=== // memmove() //===----------------------------------------------------------------------===