From: Artem Dergachev <artem.dergachev@gmail.com>
Date: Thu, 25 Apr 2019 20:30:14 +0000 (+0000)
Subject: [analyzer] Add FIXMEs for alpha.unix.cstring.OutOfBounds false positives.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dc5524293c9579af106b7d2cc179fe6d723d69d7;p=clang

[analyzer] Add FIXMEs for alpha.unix.cstring.OutOfBounds false positives.

Caused by incorrect strlcat() modeling in r332303,
cf. https://bugs.llvm.org/show_bug.cgi?id=37687#c8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@359237 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
index fe11e54883..73a5d58d9e 100644
--- a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -1528,6 +1528,10 @@ void CStringChecker::evalStrlcat(CheckerContext &C, const CallExpr *CE) const {
   if (CE->getNumArgs() < 3)
     return;
 
+  // FIXME: strlcat() uses a different rule for bound checking, i.e. 'n' means
+  // a different thing as compared to strncat(). This currently causes
+  // false positives in the alpha string bound checker.
+
   //char *strlcat(char *s1, const char *s2, size_t n);
   evalStrcpyCommon(C, CE,
                    /* returnEnd = */ false,
diff --git a/test/Analysis/bsd-string.c b/test/Analysis/bsd-string.c
index bca42ca896..4fbfd48ad8 100644
--- a/test/Analysis/bsd-string.c
+++ b/test/Analysis/bsd-string.c
@@ -15,6 +15,7 @@ void f1() {
 void f2() {
   char buf[5];
   strlcpy(buf, "abcd", sizeof(buf)); // expected-no-warning
+  // FIXME: This should not warn. The string is safely truncated.
   strlcat(buf, "efgh", sizeof(buf)); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
 }