Bug 1475882 - clang-analyzer: Enable clang-analyzer-unix.cstring.BadSizeArg check. r?andi
Check the size argument passed to strncat for common erroneous patterns. There are currently no clang-analyzer-unix.cstring.BadSizeArg warnings in mozilla-central!
https://clang-analyzer.llvm.org/available_checks.html
MozReview-Commit-ID: DUI3ZNIBoLQ
--- a/tools/clang-tidy/config.yaml
+++ b/tools/clang-tidy/config.yaml
@@ -29,16 +29,18 @@ clang_checkers:
- name: clang-analyzer-security.insecureAPI.rand
publish: !!bool no
- name: clang-analyzer-security.insecureAPI.strcpy
publish: !!bool no
- name: clang-analyzer-security.insecureAPI.UncheckedReturn
publish: !!bool yes
- name: clang-analyzer-security.insecureAPI.vfork
publish: !!bool yes
+ - name: clang-analyzer-unix.cstring.BadSizeArg
+ publish: !!bool yes
- name: misc-argument-comment
publish: !!bool yes
- name: misc-assert-side-effect
publish: !!bool yes
- name: misc-bool-pointer-implicit-conversion
publish: !!bool yes
- name: misc-forward-declaration-namespace
# Name with clang tidy 6.0. We are currently using 5.0
new file mode 100644
--- /dev/null
+++ b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp
@@ -0,0 +1,9 @@
+// https://clang-analyzer.llvm.org/available_checks.html
+
+#include "structures.h"
+
+void test()
+{
+ char dest[3];
+ strncat(dest, "***", sizeof(dest)); // warning : potential buffer overflow
+}
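Review bot: `dest` on the `char dest[3];` line is never initialized before strncat reads it to locate the existing terminator, so the fixture contains a second defect (an uninitialized read) in addition to the bad size argument the check is meant to catch. Initialize it, `char dest[3] = "";`, so the only problem in the file is the one clang-analyzer-unix.cstring.BadSizeArg reports. The size-argument pattern `sizeof(dest)` is unchanged by that, so the single warning expected in the companion .json should still be produced; whether the uninitialized read would itself be reported depends on which core checkers config.yaml publishes, which this hunk does not show.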
new file mode 100644
--- /dev/null
+++ b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json
@@ -0,0 +1,1 @@
+"[[\"warning\", \"Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API\", \"clang-analyzer-unix.cstring.BadSizeArg\"]]"
\ No newline at end of file
--- a/tools/clang-tidy/test/structures.h
+++ b/tools/clang-tidy/test/structures.h
@@ -82,8 +82,10 @@ char *mktemp(char *tmpl);
pid_t vfork(void);
int abort() { return 0; }
#define assert(x) \
if (!(x)) \
(void)abort()
+
+char *strncat(char *s1, const char *s2, std::size_t n);