From 393b9793da0b62e26e3974c88a0bca18f2d7fd5e Mon Sep 17 00:00:00 2001 From: Anna Zaks Date: Tue, 31 Jan 2012 19:33:31 +0000 Subject: [PATCH] [analyzer] Change the warning to suggest 'strlcat/strlcpy' as replacements for 'starcat/strcpy' instead of 'strncat/strncpy'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149406 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp | 4 ++-- test/Analysis/security-syntax-checks.m | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp b/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp index 0798a29643..87594ff4a7 100644 --- a/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp +++ b/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp @@ -516,7 +516,7 @@ void WalkAST::checkCall_strcpy(const CallExpr *CE, const FunctionDecl *FD) { "Call to function 'strcpy' is insecure as it does not " "provide bounding of the memory buffer. Replace " "unbounded copy functions with analogous functions that " - "support length arguments such as 'strncpy'. CWE-119.", + "support length arguments such as 'strlcpy'. CWE-119.", CELoc, &R, 1); } @@ -543,7 +543,7 @@ void WalkAST::checkCall_strcat(const CallExpr *CE, const FunctionDecl *FD) { "Call to function 'strcat' is insecure as it does not " "provide bounding of the memory buffer. Replace " "unbounded copy functions with analogous functions that " - "support length arguments such as 'strncat'. CWE-119.", + "support length arguments such as 'strlcat'. CWE-119.", CELoc, &R, 1); } diff --git a/test/Analysis/security-syntax-checks.m b/test/Analysis/security-syntax-checks.m index b392bd1ea6..f4ccefe58c 100644 --- a/test/Analysis/security-syntax-checks.m +++ b/test/Analysis/security-syntax-checks.m @@ -138,7 +138,7 @@ void test_strcpy() { char x[4]; char *y; - strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strncpy'. CWE-119.}} + strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119.}} } //===----------------------------------------------------------------------=== @@ -162,7 +162,7 @@ void test_strcat() { char x[4]; char *y; - strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strncat'. CWE-119.}} + strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119.}} } //===----------------------------------------------------------------------=== -- 2.40.0