commit 1ebd1c4f9d9932b0095e03560b5fab1d5e0ee987
author Artem Dergachev <artem.dergachev@gmail.com> Fri Jan 12 22:12:11 2018 +0000
committer Artem Dergachev <artem.dergachev@gmail.com> Fri Jan 12 22:12:11 2018 +0000
tree dcdfc83d3cc39d6e2efe6c7f446b0dd1e383ce83
parent 59e4e400c3ba5a4f7a496a336335f77af581443a

[analyzer] Don't flag strcpy of string literals into sufficiently large buffers.

In the security package, we have a simple syntactic check that warns about
strcpy() being insecure, due to potential buffer overflows.

Suppress that check's warning in the trivial situation when the source is an
immediate null-terminated string literal and the target is an immediate
sufficiently large buffer.

Patch by András Leitereg!

Differential Revision: https://reviews.llvm.org/D41384

llvm-svn: 322410

clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp

diff --git a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
index 6dbacad..62831be 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -510,6 +510,17 @@
   if (!checkCall_strCommon(CE, FD))
     return;
 
+  const auto *Target = CE->getArg(0)->IgnoreImpCasts(),
+             *Source = CE->getArg(1)->IgnoreImpCasts();
+  if (const auto *DeclRef = dyn_cast<DeclRefExpr>(Target))
+    if (const auto *Array = dyn_cast<ConstantArrayType>(DeclRef->getType())) {
+      uint64_t ArraySize = BR.getContext().getTypeSize(Array) / 8;
+      if (const auto *String = dyn_cast<StringLiteral>(Source)) {
+        if (ArraySize >= String->getLength() + 1)
+          return;
+      }
+    }
+
   // Issue a warning.
   PathDiagnosticLocation CELoc =
     PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC);