authorJordy Rose <jediknil@belkadan.com>2011-06-04 00:04:22 +0000
committerJordy Rose <jediknil@belkadan.com>2011-06-04 00:04:22 +0000
commit22d27178bf795145439b9588e260ccceab79a088 (patch)
tree11723ef6a3fa61dcea5f8563e9fa229d3b36e2d1
parentbe460d8e5364c6bffeb7b27e4c0d4d5d16e39c59 (diff)
[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132607 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/StaticAnalyzer/Checkers/CStringChecker.cpp7
-rw-r--r--test/Analysis/bstring.c18
2 files changed, 20 insertions, 5 deletions
diff --git a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
index 0eec34a9b4..e40567c6c6 100644
--- a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -713,16 +713,13 @@ void CStringChecker::evalCopyCommon(CheckerContext &C,
// If the size is zero, there won't be any actual memory access, so
// just bind the return value to the destination buffer and return.
if (stateZeroSize) {
+ stateZeroSize = stateZeroSize->BindExpr(CE, destVal);
C.addTransition(stateZeroSize);
- if (IsMempcpy)
- state->BindExpr(CE, destVal);
- else
- state->BindExpr(CE, sizeVal);
- return;
}
// If the size can be nonzero, we have to check the other arguments.
if (stateNonZeroSize) {
+ state = stateNonZeroSize;
// Ensure the destination is not null. If it is NULL there will be a
// NULL pointer dereference.
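Review bot: The comment above `if (stateZeroSize)` still ends with "and return", but this hunk removes the `return;`, so control now continues into the `if (stateNonZeroSize)` block. Reword it to match the new flow, e.g. `// just bind the return value to the destination buffer, then keep checking the possibly-nonzero case.` A short why-comment would also help: falling through is what lets the null-pointer check below still fire when the size is merely unknown rather than provably zero. evalCopyCommon starts and ends outside the hunk, so what runs after the `if (stateNonZeroSize)` block when the size is definitely zero cannot be confirmed from here.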
diff --git a/test/Analysis/bstring.c b/test/Analysis/bstring.c
index d74be0ffce..de88e9ae6f 100644
--- a/test/Analysis/bstring.c
+++ b/test/Analysis/bstring.c
@@ -136,6 +136,18 @@ void memcpy13() {
memcpy(a, 0, 0); // no-warning
}
+void memcpy_unknown_size (size_t n) {
+ char a[4], b[4] = {1};
+ if (memcpy(a, b, n) != a)
+ (void)*(char*)0; // no-warning
+}
+
+void memcpy_unknown_size_warn (size_t n) {
+ char a[4];
+ if (memcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to byte string function}}
+ (void)*(char*)0; // no-warning
+}
+
//===----------------------------------------------------------------------===
// mempcpy()
//===----------------------------------------------------------------------===
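Review bot: The `(void)*(char*)0; // no-warning` lines in memcpy_unknown_size and memcpy_unknown_size_warn (and in mempcpy_unknown_size_warn in the next hunk) are reachability probes, but nothing in the tests says so, and a later reader could take them for dead code. A one-line comment above each function would record the intent, e.g. `// The null dereference must be unreachable: the call's value is bound to 'a' whether n is zero or not.` In the two _warn variants the probe presumably stays silent for a second reason as well, namely that the nonzero-size path stops at the null-argument report, and that is worth stating there. The commit title says "memcpy and friends", yet no unknown-size case is added under the memmove() section; if memmove goes through the same evalCopyCommon path, an analogous memmove_unknown_size_warn would pin the fix for it too.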
@@ -246,6 +258,12 @@ void mempcpy13() {
mempcpy(a, 0, 0); // no-warning
}
+void mempcpy_unknown_size_warn (size_t n) {
+ char a[4];
+ if (mempcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to byte string function}}
+ (void)*(char*)0; // no-warning
+}
+
//===----------------------------------------------------------------------===
// memmove()
//===----------------------------------------------------------------------===