================
@@ -2515,6 +2517,53 @@ void CStringChecker::evalSprintfCommon(CheckerContext
&C, const CallEvent &Call,
C.addTransition(State);
}
+void CStringChecker::evalGetentropy(CheckerContext &C, const CallEvent &Call)
const {
+ DestinationArgExpr Buffer = {{Call.getArgExpr(0), 0}};
+ SizeArgExpr Size = {{Call.getArgExpr(1), 1}};
+ ProgramStateRef State = C.getState();
+ SValBuilder &SVB = C.getSValBuilder();
+ SVal MaxLength = SVB.makeIntVal(256, C.getASTContext().IntTy);
+
+ SVal SizeVal = C.getSVal(Size.Expression);
+ QualType SizeTy = Size.Expression->getType();
+
+ ProgramStateRef StateZeroSize, StateNonZeroSize;
+ std::tie(StateZeroSize, StateNonZeroSize) =
+ assumeZero(C, State, SizeVal, SizeTy);
+
+ if (StateZeroSize) {
+ StateZeroSize = State->BindExpr(Call.getOriginExpr(),
C.getLocationContext(),
+ SVB.makeZeroVal(C.getASTContext().IntTy));
+ C.addTransition(StateZeroSize);
+ return;
+ }
+
+ SVal Buff = C.getSVal(Buffer.Expression);
+ State = checkNonNull(C, StateNonZeroSize, Buffer, Buff);
+ if (!State)
+ return;
+
+ QualType cmpTy = C.getSValBuilder().getConditionType();
+ ProgramStateRef sizeAboveLimit, sizeNotAboveLimit;
+ std::tie(sizeAboveLimit, sizeNotAboveLimit) = State->assume(
+ SVB
+ .evalBinOpNN(State, BO_GT, *SizeVal.getAs<NonLoc>(),
*MaxLength.getAs<NonLoc>(), cmpTy)
+ .castAs<DefinedOrUnknownSVal>());
+ if (sizeAboveLimit) {
+ ErrorMessage Message;
+ emitOutOfBoundsBug(C, sizeAboveLimit, Buffer.Expression, "must be smaller
than or equal to 256");
+ } else {
+ State = CheckBufferAccess(C, State, Buffer, Size, AccessKind::write);
----------------
NagyDonat wrote:
```suggestion
State = CheckBufferAccess(C, sizeNotAboveLimit, Buffer, Size,
AccessKind::write);
```
As I said before, try to use the most recent state value.
https://github.com/llvm/llvm-project/pull/83675
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
