Bug 1475882 - clang-analyzer: Enable clang-analyzer-unix.cstring.BadSizeArg check. r?andi draft
authorChris Peterson <cpeterson@mozilla.com>
Sat, 14 Jul 2018 23:15:37 -0700
changeset 819042 348e071ba1af575a3228459e779697c0e71520ca
parent 818601 3389fb54d2e3daee38db38503b37e9d994878bcd
child 819043 99547c607983003f1ce4a338ce8720d56a75f91f
push id116421
push usercpeterson@mozilla.com
push dateTue, 17 Jul 2018 01:36:52 +0000
reviewersandi
bugs1475882
milestone63.0a1
Bug 1475882 - clang-analyzer: Enable clang-analyzer-unix.cstring.BadSizeArg check. r?andi Check the size argument passed to strncat for common erroneous patterns. There are currently no clang-analyzer-unix.cstring.BadSizeArg warnings in mozilla-central! https://clang-analyzer.llvm.org/available_checks.html MozReview-Commit-ID: DUI3ZNIBoLQ
tools/clang-tidy/config.yaml
tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp
tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json
tools/clang-tidy/test/structures.h
--- a/tools/clang-tidy/config.yaml
+++ b/tools/clang-tidy/config.yaml
@@ -29,16 +29,18 @@ clang_checkers:
   - name: clang-analyzer-security.insecureAPI.rand
     publish: !!bool no
   - name: clang-analyzer-security.insecureAPI.strcpy
     publish: !!bool no
   - name: clang-analyzer-security.insecureAPI.UncheckedReturn
     publish: !!bool yes
   - name: clang-analyzer-security.insecureAPI.vfork
     publish: !!bool yes
+  - name: clang-analyzer-unix.cstring.BadSizeArg
+    publish: !!bool yes
   - name: misc-argument-comment
     publish: !!bool yes
   - name: misc-assert-side-effect
     publish: !!bool yes
   - name: misc-bool-pointer-implicit-conversion
     publish: !!bool yes
   - name: misc-forward-declaration-namespace
     # Name with clang tidy 6.0. We are currently using 5.0
new file mode 100644
--- /dev/null
+++ b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp
@@ -0,0 +1,9 @@
+// https://clang-analyzer.llvm.org/available_checks.html
+
+#include "structures.h"
+
+void test()
+{
+  char dest[3];
+  strncat(dest, "***", sizeof(dest)); // warning : potential buffer overflow
+}
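Review bot: `dest` on the line before the strncat call is declared but never initialized, so the fixture carries a second defect — strncat scans `dest` for its terminator before appending — in addition to the `sizeof(dest)` size argument this check is meant to catch. Initializing it, `char dest[3] = "";`, keeps the expected output in the .json tied to the BadSizeArg diagnostic alone; as an analyzer fixture this is presumably never executed, but if another enabled checker ever reports the uninitialized read, the expected-output comparison would break for an unrelated reason. The trailing comment could also name the cause rather than only the symptom, e.g. `// warning: BadSizeArg - sizeof(dest) is the whole buffer, not the space left after the existing string`.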
new file mode 100644
--- /dev/null
+++ b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json
@@ -0,0 +1,1 @@
+"[[\"warning\", \"Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API\", \"clang-analyzer-unix.cstring.BadSizeArg\"]]"
\ No newline at end of file
--- a/tools/clang-tidy/test/structures.h
+++ b/tools/clang-tidy/test/structures.h
@@ -82,8 +82,10 @@ char *mktemp(char *tmpl);
 
 pid_t vfork(void);
 
 int abort() { return 0; }
 
 #define assert(x)                                                              \
   if (!(x))                                                                    \
   (void)abort()
+
+char *strncat(char *s1, const char *s2, std::size_t n);
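Review bot: The new prototype uses `std::size_t`, which only compiles if `<cstddef>` (or another header that declares it) is already included earlier in structures.h; that part of the header is outside this hunk, so it is worth confirming, especially since the neighbouring declarations use plain C types such as `pid_t`. If this header is meant to stand in for libc so fixtures can be analyzed without system headers, a one-line comment stating that would help the next person adding a check, e.g. `// Minimal libc stand-in: declared here so fixtures can call strncat without a system header.` The real strncat signature also carries `restrict` qualifiers; whether the analyzer's call matching depends on the exact parameter types I cannot tell from here, but the name and argument count match.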