26 #include "llvm/ADT/SmallString.h"
27 #include "llvm/Support/raw_ostream.h"
29 using namespace clang;
39 bool sameDecl(
const Expr *A1,
const Expr *A2) {
42 return D1->
getDecl() == D2->getDecl();
47 bool isSizeof(
const Expr *
E,
const Expr *WithArg) {
48 if (
const auto *UE = dyn_cast<UnaryExprOrTypeTraitExpr>(E))
49 if (UE->getKind() ==
UETT_SizeOf && !UE->isArgumentType())
50 return sameDecl(UE->getArgumentExpr(), WithArg);
55 bool isStrlen(
const Expr *E,
const Expr *WithArg) {
56 if (
const auto *CE = dyn_cast<CallExpr>(E)) {
61 sameDecl(CE->getArg(0), WithArg));
67 bool isOne(
const Expr *E) {
68 if (
const auto *IL = dyn_cast<IntegerLiteral>(E))
69 return (IL->getValue().isIntN(1));
73 StringRef getPrintableName(
const Expr *E) {
81 bool containsBadStrncatPattern(
const CallExpr *CE);
85 : Checker(Checker), BR(BR), AC(AC) {}
88 void VisitChildren(
Stmt *
S);
89 void VisitStmt(
Stmt *
S) {
102 bool WalkAST::containsBadStrncatPattern(
const CallExpr *CE) {
110 if (
const auto *BE = dyn_cast<BinaryOperator>(LenArg->
IgnoreParenCasts())) {
112 if (BE->getOpcode() == BO_Sub) {
113 const Expr *L = BE->getLHS();
114 const Expr *R = BE->getRHS();
115 if (isSizeof(L, DstArg) && isStrlen(R, DstArg))
124 if (isSizeof(LenArg, DstArg))
128 if (isSizeof(LenArg, SrcArg))
133 void WalkAST::VisitCallExpr(
CallExpr *CE) {
139 if (containsBadStrncatPattern(CE)) {
145 StringRef DstName = getPrintableName(DstArg);
148 llvm::raw_svector_ostream os(S);
149 os <<
"Potential buffer overflow. ";
150 if (!DstName.empty()) {
151 os <<
"Replace with 'sizeof(" << DstName <<
") "
152 "- strlen(" << DstName <<
") - 1'";
156 os <<
"se a safer 'strlcat' API";
158 BR.EmitBasicReport(FD,
Checker,
"Anti-pattern in the argument",
159 "C String API", os.str(), Loc,
168 void WalkAST::VisitChildren(
Stmt *S) {
175 class CStringSyntaxChecker:
public Checker<check::ASTCodeBody> {
FunctionDecl - An instance of this class is created to represent a function declaration or definition...
StringRef getName() const
getName - Get the name of identifier for this declaration as a StringRef.
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Defines enumerations for the type traits support.
Stmt - This represents one statement.
Decl - This represents one declaration (or definition), e.g.
AnalysisDeclContext contains the context data for the function or method under analysis.
Expr * IgnoreParenCasts() LLVM_READONLY
IgnoreParenCasts - Ignore parentheses and casts.
const Decl * getDecl() const
AnalysisDeclContext * getAnalysisDeclContext(const Decl *D)
Expr - This represents one expression.
static bool isCLibraryFunction(const FunctionDecl *FD, StringRef Name=StringRef())
Returns true if the callee is an externally-visible function in the top-level namespace, such as malloc.
BugReporter is a utility class for generating PathDiagnostics for analysis.
static PathDiagnosticLocation createBegin(const Decl *D, const SourceManager &SM)
Create a location for the beginning of the declaration.
CHECKER * registerChecker()
Used to register checkers.
StmtVisitor - This class implements a simple visitor for Stmt subclasses.
virtual Stmt * getBody() const
getBody - If this Decl represents a declaration for a body of code, such as a function or method defi...
FunctionDecl * getDirectCallee()
If the callee is a FunctionDecl, return it. Otherwise return 0.
detail::InMemoryDirectory::const_iterator E
unsigned getNumArgs() const
getNumArgs - Return the number of actual arguments to this call.
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...
Defines the clang::TargetInfo interface.
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).