diff options
| author | Erik Pilkington <erik.pilkington@gmail.com> | 2019-03-18 19:23:45 +0000 |
|---|---|---|
| committer | Erik Pilkington <erik.pilkington@gmail.com> | 2019-03-18 19:23:45 +0000 |
| commit | 25d062ee4f1b683ccfeefb177d289eac901851cc (patch) | |
| tree | c615a23ae85936a1088992c6024f524b8e270665 /test/Analysis/pr22954.c | |
| parent | 2bc6178db36348e53054ce2f5b7816da1bae580e (diff) | |
[Sema] Add some compile time _FORTIFY_SOURCE diagnostics
These diagnose overflowing calls to subset of fortifiable functions. Some
functions, like sprintf or strcpy aren't supported right not, but we should
probably support these in the future. We previously supported this kind of
functionality with -Wbuiltin-memcpy-chk-size, but that diagnostic doesn't work
with _FORTIFY implementations that use wrapper functions. Also unlike that
diagnostic, we emit these warnings regardless of whether _FORTIFY_SOURCE is
actually enabled, which is nice for programs that don't enable the runtime
checks.
Why not just use diagnose_if, like Bionic does? We can get better diagnostics in
the compiler (i.e. mention the sizes), and we have the potential to diagnose
sprintf and strcpy which is impossible with diagnose_if (at least, in languages
that don't support C++14 constexpr). This approach also saves standard libraries
from having to add diagnose_if.
rdar://48006655
Differential revision: https://reviews.llvm.org/D58797
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@356397 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/Analysis/pr22954.c')
| -rw-r--r-- | test/Analysis/pr22954.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/Analysis/pr22954.c b/test/Analysis/pr22954.c index 6d5b04417a..e88acdc29d 100644 --- a/test/Analysis/pr22954.c +++ b/test/Analysis/pr22954.c @@ -303,7 +303,7 @@ int f18() { i18.j = 11; i18.s2 = strdup("hello"); char input[100] = {3}; - memcpy(i18.s1, input, 100); + memcpy(i18.s1, input, 100); // expected-warning {{'memcpy' will always overflow; destination buffer has size 24, but size argument is 100}} clang_analyzer_eval(i18.s1[0] == 1); // expected-warning{{UNKNOWN}}\ expected-warning{{Potential leak of memory pointed to by 'i18.s2'}} clang_analyzer_eval(i18.s1[1] == 2); // expected-warning{{UNKNOWN}} @@ -534,7 +534,7 @@ int f262() { struct aa a262 = {{1, 2, 3, 4}, 0}; a262.s2 = strdup("hello"); char input[] = {'a', 'b', 'c', 'd'}; - memcpy(a262.s1, input, -1); + memcpy(a262.s1, input, -1); // expected-warning{{'memcpy' will always overflow; destination buffer has size 16, but size argument is 18446744073709551615}} clang_analyzer_eval(a262.s1[0] == 1); // expected-warning{{UNKNOWN}}\ expected-warning{{Potential leak of memory pointed to by 'a262.s2'}} clang_analyzer_eval(a262.s1[1] == 1); // expected-warning{{UNKNOWN}} |