NoQ added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp:124
+ if (const SymbolicRegion *SR = DestMR->getSymbolicBase())
+ if (const Expr *SizeExpr = getDynamicSizeExpr(C.getState(), SR))
+ return exprToStr(SizeExpr, C);
----------------
Again, you will have to highlight the allocation site with a note. Therefore
you will have to write a bug visitor that traverses the size expression at some
point (or, equivalently, a note tag when the size expression is evaluated).
Therefore you don't need to store the expression in the program state.
================
Comment at: clang/test/Analysis/cert/str31-alloc.cpp:42
+ // expected-warning@-1 {{'gets' could write outside of 'buf3'}}
+ // CHECK-FIXES: if (gets_s(buf3 + 1, sizeof(buf3))) {}
+}
----------------
The fix is not correct. It should be `sizeof(buf3) - 1`, otherwise you still
have a buffer overflow.
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D69813/new/
https://reviews.llvm.org/D69813
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
