================ @@ -1026,6 +1026,100 @@ Check for null pointers being passed as arguments to C string functions: return strlen(0); // warn } +.. _unix-StdCLibraryFunctions: + +unix.StdCLibraryFunctions (C) +""""""""""""""""""""""""""""""""""" +Check for calls of standard library functions that violate predefined argument +constraints. For example, it is stated in the C standard that for the ``int +isalnum(int ch)`` function the behavior is undefined if the value of ``ch`` is +not representable as unsigned char and is not equal to ``EOF``. + +.. code-block:: c + + #define EOF -1 + void test_alnum_concrete(int v) { + int ret = isalnum(256); // \ + // warning: Function argument outside of allowed range + (void)ret; + } + + void buffer_size_violation(FILE *file) { + enum { BUFFER_SIZE = 1024 }; + wchar_t wbuf[BUFFER_SIZE]; + + const size_t size = sizeof(*wbuf); // 4 + const size_t nitems = sizeof(wbuf); // 4096 + + // Below we receive a warning because the 3rd parameter should be the + // number of elements to read, not the size in bytes. This case is a known + // vulnerability described by the ARR38-C SEI-CERT rule. + fread(wbuf, size, nitems, file); + } + +You can think of this checker as defining restrictions (pre- and postconditions) +on standard library functions. Preconditions are checked, and when they are +violated, a warning is emitted. Post conditions are added to the analysis, e.g. +that the return value must be no greater than 255. + +For example if an argument to a function must be in between 0 and 255, but the +value of the argument is unknown, the analyzer will conservatively assume that +it is in this interval. Similarly, if a function mustn't be called with a null +pointer and the null value of the argument can not be proven, the analyzer will +assume that it is non-null. ---------------- DonatNagyE wrote:
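Review bot: "conservatively" in the last added paragraph ("the analyzer will conservatively assume that it is in this interval") describes the opposite of what the sentence says: assuming that an unknown argument satisfies the precondition is the optimistic choice, made so that no report is produced, not a conservative one, and the same applies to the null-pointer sentence that follows it. Suggest dropping the adverb or stating the reason instead, e.g. "the analyzer will assume that it is in this interval (so that no false positive is reported)". Two smaller points in the same hunk: "Post conditions" should be spelled "Postconditions" to match "Preconditions" two sentences earlier, and the code example hand-defines `EOF` while using `isalnum`, `FILE`, `wchar_t`, `size_t` and `fread` with no includes; either add the `<ctype.h>`, `<stdio.h>` and `<wchar.h>` includes or drop the `#define` so the example is consistent about what it declares.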
```suggestion
pointer and the analyzer cannot prove that it is null, then it will assume that it is non-null.
```

"can not be proven" is stronger than "the analyzer cannot prove it"

https://github.com/llvm/llvm-project/pull/66207

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits