-
- Downloads
analyzer: new warning: -Wanalyzer-unterminated-string [PR105899]
This patch adds new functions to the analyzer for checking that
an argument at a callsite is a pointer to a valid null-terminated
string, and uses this for the following known functions:
- error (param 3, the format string)
- error_at_line (param 5, the format string)
- putenv
- strchr (1st param)
- strcpy (2nd param)
- strdup
Currently the check merely detects pointers to unterminated string
constants, and adds a new -Wanalyzer-unterminated-string to complain
about that. I'm experimenting with detecting other ways in which
a buffer can fail to be null-terminated, and for other problems with
such buffers, but this patch at least adds the framework for wiring
up the check to specific parameters of known_functions.
gcc/analyzer/ChangeLog:
PR analyzer/105899
* analyzer.opt (Wanalyzer-unterminated-string): New.
* call-details.cc
(call_details::check_for_null_terminated_string_arg): New.
* call-details.h
(call_details::check_for_null_terminated_string_arg): New decl.
* kf-analyzer.cc (class kf_analyzer_get_strlen): New.
(register_known_analyzer_functions): Register it.
* kf.cc (kf_error::impl_call_pre): Check that format arg is a
valid null-terminated string.
(kf_putenv::impl_call_pre): Likewise for the sole param.
(kf_strchr::impl_call_pre): Likewise for the first param.
(kf_strcpy::impl_call_pre): Likewise for the second param.
(kf_strdup::impl_call_pre): Likewise for the sole param.
* region-model.cc (get_strlen): New.
(struct call_arg_details): New.
(inform_about_expected_null_terminated_string_arg): New.
(class unterminated_string_arg): New.
(region_model::check_for_null_terminated_string_arg): New.
* region-model.h
(region_model::check_for_null_terminated_string_arg): New decl.
gcc/ChangeLog:
PR analyzer/105899
* doc/analyzer.texi (__analyzer_get_strlen): New.
* doc/invoke.texi: Add -Wanalyzer-unterminated-string.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/analyzer-decls.h (__analyzer_get_strlen): New.
* gcc.dg/analyzer/error-1.c (test_error_unterminated): New.
(test_error_at_line_unterminated): New.
* gcc.dg/analyzer/null-terminated-strings-1.c: New test.
* gcc.dg/analyzer/putenv-1.c (test_unterminated): New.
* gcc.dg/analyzer/strchr-1.c (test_unterminated): New.
* gcc.dg/analyzer/strcpy-1.c (test_unterminated): New.
* gcc.dg/analyzer/strdup-1.c (test_unterminated): New.
Signed-off-by: 
David Malcolm <dmalcolm@redhat.com>
Showing
- gcc/analyzer/analyzer.opt 4 additions, 0 deletionsgcc/analyzer/analyzer.opt
- gcc/analyzer/call-details.cc 7 additions, 0 deletionsgcc/analyzer/call-details.cc
- gcc/analyzer/call-details.h 2 additions, 0 deletionsgcc/analyzer/call-details.h
- gcc/analyzer/kf-analyzer.cc 18 additions, 0 deletionsgcc/analyzer/kf-analyzer.cc
- gcc/analyzer/kf.cc 11 additions, 0 deletionsgcc/analyzer/kf.cc
- gcc/analyzer/region-model.cc 163 additions, 0 deletionsgcc/analyzer/region-model.cc
- gcc/analyzer/region-model.h 3 additions, 0 deletionsgcc/analyzer/region-model.h
- gcc/doc/analyzer.texi 8 additions, 0 deletionsgcc/doc/analyzer.texi
- gcc/doc/invoke.texi 13 additions, 0 deletionsgcc/doc/invoke.texi
- gcc/testsuite/gcc.dg/analyzer/analyzer-decls.h 5 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/analyzer-decls.h
- gcc/testsuite/gcc.dg/analyzer/error-1.c 12 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/error-1.c
- gcc/testsuite/gcc.dg/analyzer/null-terminated-strings-1.c 30 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/null-terminated-strings-1.c
- gcc/testsuite/gcc.dg/analyzer/putenv-1.c 7 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/putenv-1.c
- gcc/testsuite/gcc.dg/analyzer/strchr-1.c 6 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/strchr-1.c
- gcc/testsuite/gcc.dg/analyzer/strcpy-1.c 6 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/strcpy-1.c
- gcc/testsuite/gcc.dg/analyzer/strdup-1.c 6 additions, 0 deletionsgcc/testsuite/gcc.dg/analyzer/strdup-1.c
Loading
Please register or sign in to comment