Bug 1475882 - clang-tidy: Enable bugprone-suspicious-memset-usage check. r?andi
This check finds memset() calls with potential mistakes in their arguments. There are currently no bugprone-suspicious-memset-usage warnings in mozilla-central!
https://clang.llvm.org/extra/clang-tidy/checks/bugprone-suspicious-memset-usage.html
MozReview-Commit-ID: 9gmtidgMPwW
--- a/tools/clang-tidy/config.yaml
+++ b/tools/clang-tidy/config.yaml
@@ -6,16 +6,18 @@ target: obj-x86_64-pc-linux-gnu
platforms:
- macosx64
- linux64
- win64
- win32
clang_checkers:
- name: -*
publish: !!bool no
+ - name: bugprone-suspicious-memset-usage
+ publish: !!bool yes
- name: clang-analyzer-cplusplus.NewDelete
publish: !!bool yes
- name: clang-analyzer-cplusplus.NewDeleteLeaks
publish: !!bool yes
- name: clang-analyzer-deadcode.DeadStores
publish: !!bool yes
- name: clang-analyzer-security.FloatLoopCounter
publish: !!bool yes
new file mode 100644
--- /dev/null
+++ b/tools/clang-tidy/test/bugprone-suspicious-memset-usage.cpp
@@ -0,0 +1,22 @@
+// https://clang.llvm.org/extra/clang-tidy/checks/bugprone-suspicious-memset-usage.html
+
+#include "structures.h"
+
+void test(int* ip, char* cp)
+{
+ // Case 1: Fill value is a character '0' instead of NUL '\0'.
+ memset(ip, '0', 1); // WARNING: suspicious for non-char pointers
+ memset(cp, '0', 1); // OK for char pointers
+
+ // Case 2: Fill value is truncated.
+ memset(ip, 0xabcd, 1); // WARNING: fill value gets truncated
+ memset(ip, 0x00cd, 1); // OK because value 0xcd is not truncated.
+ memset(ip, 0x00, 1); // OK because value is not truncated.
+
+ // Case 3: Byte count is zero.
+ memset(ip, sizeof(int), 0); // WARNING: zero length, potentially swapped
+ memset(ip, sizeof(int), 1); // OK with non-zero length
+
+ // See clang bug https://bugs.llvm.org/show_bug.cgi?id=38098
+ memset(ip, 8, 0); // OK with zero length without sizeof
+}
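Review bot: The last case, `memset(ip, 8, 0); // OK with zero length without sizeof`, records what the tool does today rather than what is correct, and the comment does not say so. A zero byte count with a non-zero literal fill is still most likely a swapped-argument mistake that leaves the buffer unwritten, and the linked clang bug presumably tracks that gap. A future clang-tidy upgrade could then emit a fourth warning and break the three-entry expectation in the `.json` file. I would reword the comment along the lines of `// Known gap (clang bug 38098): not flagged today; if a clang-tidy upgrade starts warning here, add the entry to the expected .json.`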
new file mode 100644
--- /dev/null
+++ b/tools/clang-tidy/test/bugprone-suspicious-memset-usage.json
@@ -0,0 +1,1 @@
+"[[\"warning\", \"memset fill value is char '0', potentially mistaken for int 0\", \"bugprone-suspicious-memset-usage\"], [\"warning\", \"memset fill value is out of unsigned character range, gets truncated\", \"bugprone-suspicious-memset-usage\"], [\"warning\", \"memset of size zero, potentially swapped arguments\", \"bugprone-suspicious-memset-usage\"]]"
\ No newline at end of file
--- a/tools/clang-tidy/test/clang-analyzer-unix.Malloc.json
+++ b/tools/clang-tidy/test/clang-analyzer-unix.Malloc.json
@@ -1,1 +1,1 @@
-"[[\"warning\", \"Attempt to free released memory\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Use of memory after it is freed\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Potential leak of memory pointed to by 'p'\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Argument to free() is the address of the local variable 'a', which is not memory allocated by malloc()\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Argument to free() is offset by -4 bytes from the start of memory allocated by malloc()\", \"clang-analyzer-unix.Malloc\"]]"
+"[[\"warning\", \"Attempt to free released memory\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Use of memory after it is freed\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Potential leak of memory pointed to by 'p'\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Argument to free() is the address of the local variable 'a', which is not memory allocated by malloc()\", \"clang-analyzer-unix.Malloc\"], [\"warning\", \"Argument to free() is offset by -4 bytes from the start of memory allocated by malloc()\", \"clang-analyzer-unix.Malloc\"]]"
\ No newline at end of file
--- a/tools/clang-tidy/test/structures.h
+++ b/tools/clang-tidy/test/structures.h
@@ -88,8 +88,10 @@ int abort() { return 0; }
if (!(x)) \
(void)abort()
std::size_t strlen(const char *s);
char *strncat(char *s1, const char *s2, std::size_t n);
void free(void *ptr);
void *malloc(std::size_t size);
+
+void *memset(void *b, int c, std::size_t len);