New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Warn if comparison result is passed as last argument to memcmp and friends (or when it's passed as size_t more generally?) #18671
Comments
On Chromium, this found another bug in addition to the one we already knew about, and had 0 false positives. Likely worth it. |
Evaluated this on chromium (found another bug, and 0 false positives), wrote tests, and sent the patch out: http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20131216/096073.html |
Initial version checked in at r198063. Might want to try to extend this to all function calls that have a size_t (or unsigned?) in the last parameter? |
generalized patch (Without the char check there lots of false positives in mesa, due to GLboolean being an unsigned char) |
yasm defines TRUE as (0==0) and FALSE as (0!=0) leading to all kinds of funny errors: ../../third_party/yasm/source/patched-yasm/libyasm/bitvect.c:1688:38: error: size argument in 'BitVector_Create' call is a comparison [-Werror,-Wmemsize-comparison] We should probably not emit this warning if the comparison is from a macro expansion (probably for the currently-checked in version too) :-D |
False positive in xz on: static inline void
|
False positive in yasm (many):
YASM_LIB_DECL
…I suppose this shouldn't fire on enums, or at least not on enums that have exactly two values? Going with the former for now. |
generalized patch, v2 |
Hm, the xz false positive could be fixed by only triggering the warning on functions that don't return void. |
generalized patch, v3 The patch still has one false positive I think:
bool AllSamplesPassedQuery::Process() { and relying on the void check feels brittle (if someone adds a status return code to that xz function, the warning starts firing again). So the warning is probably better as-is? It does find one thing that looks like a bug though. |
The one thing it found was this bit in nss (which I've reported to nss authors): In nss/lib/softoken/pkcs11.c around line 1110:
(Note the missing ')' in the first sftk_hasAttribute call – but it's a harmless bug, I'm told.) |
nss bug: https://bugzilla.mozilla.org/show_bug.cgi?id=957727 The MarkAsCompleted() thing is apparently more a bug than a false positive too. Maybe worth running this over more code bases to get a better feel for how it does. |
Extended Description
The motivation is to find bugs like https://codereview.chromium.org/99423002/diff/1/net/third_party/nss/ssl/ssl3con.c at compile time:
rnk suggested: " warn when passing comparison results to functions that expect sizes (memset et al)?". Give that a try.
The text was updated successfully, but these errors were encountered: