Author: Balazs Benics Date: 2020-11-30T18:06:28+01:00 New Revision: ee073c798515e56b23463391a7b40d5ee6527337
URL: https://github.com/llvm/llvm-project/commit/ee073c798515e56b23463391a7b40d5ee6527337 DIFF: https://github.com/llvm/llvm-project/commit/ee073c798515e56b23463391a7b40d5ee6527337.diff LOG: [analyzer][StdLibraryFunctionsChecker] Fix typos in summaries of mmap and mmap64 The fd parameter of ``` void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset) ``` should be constrained to the range [0, IntMax] as that is of type int. Constraining to the range [0, Off_tMax] would result in a crash as that is of a signed type with the value of 0xff..f (-1). The crash would happen when we try to apply the arg constraints. At line 583: assert(Min <= Max), as 0 <= -1 is not satisfied The mmap64 is fixed for the same reason. Reviewed By: martong, vsavchenko Differential Revision: https://reviews.llvm.org/D92307 Added: clang/test/Analysis/std-c-library-posix-crash.c Modified: clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp Removed: ################################################################################
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index 10011effe039..f8eafde3218d 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -1722,7 +1722,6 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
 "ftello", Signature(ArgTypes{FilePtrTy}, RetType{Off_tTy}),
 Summary(NoEvalCall).ArgConstraint(NotNull(ArgNo(0))));

- Optional<RangeInt> Off_tMax = getMaxValue(Off_tTy);
 // void *mmap(void *addr, size_t length, int prot, int flags, int fd,
 // off_t offset);
 addToFunctionSummaryMap(
@@ -1732,10 +1731,9 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
 Summary(NoEvalCall)
 .ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
 .ArgConstraint(
- ArgumentCondition(4, WithinRange, Range(0, Off_tMax))));
+ ArgumentCondition(4, WithinRange, Range(0, IntMax))));

 Optional<QualType> Off64_tTy = lookupTy("off64_t");
- Optional<RangeInt> Off64_tMax = getMaxValue(Off_tTy);
 // void *mmap64(void *addr, size_t length, int prot, int flags, int fd,
 // off64_t offset);
 addToFunctionSummaryMap(
@@ -1745,7 +1743,7 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
 Summary(NoEvalCall)
 .ArgConstraint(ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
 .ArgConstraint(
- ArgumentCondition(4, WithinRange, Range(0, Off64_tMax))));
+ ArgumentCondition(4, WithinRange, Range(0, IntMax))));

 // int pipe(int fildes[2]);
 addToFunctionSummaryMap(
diff --git a/clang/test/Analysis/std-c-library-posix-crash.c b/clang/test/Analysis/std-c-library-posix-crash.c
new file mode 100644
index 000000000000..23321d548d6d
--- /dev/null
+++ b/clang/test/Analysis/std-c-library-posix-crash.c
@@ -0,0 +1,18 @@
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=core,apiModeling.StdCLibraryFunctions \
+// RUN: -analyzer-config apiModeling.StdCLibraryFunctions:ModelPOSIX=true \
+// RUN: -verify %s
+//
+// expected-no-diagnostics
+
+typedef long off_t;
+typedef long long off64_t;
+typedef unsigned long size_t;
+
+void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset);
+void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t offset);
+
+void test(long len) {
+ mmap(0, len, 2, 1, 0, 0); // no-crash
+ mmap64(0, len, 2, 1, 0, 0); // no-crash
+}
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
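Review bot: The new bound `Range(0, IntMax)` on argument 4 of the mmap summary (hunk at -1732, and the identical line for mmap64 in the hunk at -1745) still excludes `fd == -1`, which is the conventional descriptor for anonymous mappings made with `MAP_ANONYMOUS`; some implementations require -1 there. With this constraint the checker would treat such a call as out of range, or assume `fd >= 0` on the paths after it, so valid code may be flagged or paths silently pruned. If the lower bound is only meant for file-backed mappings, consider `Range(-1, IntMax)` with a comment such as `// fd may be -1 for anonymous mappings`. Both summaries begin above their hunks, so any handling of the flags argument is not visible here.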
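Review bot: The RUN lines of the new std-c-library-posix-crash.c pin no target, so whether the test reproduces the crash depends on the host. The failure described in the commit message presumably needs `off_t`'s maximum to exceed that of `int`, and `typedef long off_t;` is 64 bits wide only on LP64 targets; where `long` is 32 bits the test would likely pass even without the fix. Adding `// RUN:   -triple x86_64-unknown-linux-gnu \` to the invocation would make the regression test deterministic. A call passing -1 as `fd` next to the two `fd == 0` calls would also document the intended behaviour for anonymous mappings.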