diff options
| author | Balázs Kéri <balazs.keri@ericsson.com> | 2025-05-23 09:26:31 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-23 09:26:31 +0200 |
| commit | be50ada9d008673a041a5e675f9d9d70a4572aaa (patch) | |
| tree | 0446a0f70b01312eb45901c43a4ae23d345b6764 | |
| parent | f1cf168a6fbfa28eca2bebb4493966dc63c925c5 (diff) | |
| download | llvm-be50ada9d008673a041a5e675f9d9d70a4572aaa.zip llvm-be50ada9d008673a041a5e675f9d9d70a4572aaa.tar.gz llvm-be50ada9d008673a041a5e675f9d9d70a4572aaa.tar.bz2 | |
[clang][analyzer] Refine modeling of 'getcwd' in StdCLibraryFunctions checker (#141076)
Add extra branches for the case when the buffer argument is NULL.
Fixes #135720
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp | 14 | ||||
| -rw-r--r-- | clang/test/Analysis/errno-stdlibraryfunctions.c | 15 |
2 files changed, 24 insertions, 5 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp index 3c6c312..6dae817 100644 --- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp @@ -2651,16 +2651,22 @@ void StdLibraryFunctionsChecker::initFunctionSummaries( addToFunctionSummaryMap( "getcwd", Signature(ArgTypes{CharPtrTy, SizeTy}, RetType{CharPtrTy}), Summary(NoEvalCall) - .Case({ArgumentCondition(1, WithinRange, Range(1, SizeMax)), + .Case({NotNull(0), + ArgumentCondition(1, WithinRange, Range(1, SizeMax)), ReturnValueCondition(BO_EQ, ArgNo(0))}, ErrnoMustNotBeChecked, GenericSuccessMsg) - .Case({ArgumentCondition(1, WithinRange, SingleValue(0)), + .Case({NotNull(0), + ArgumentCondition(1, WithinRange, SingleValue(0)), IsNull(Ret)}, ErrnoNEZeroIrrelevant, "Assuming that argument 'size' is 0") - .Case({ArgumentCondition(1, WithinRange, Range(1, SizeMax)), + .Case({NotNull(0), + ArgumentCondition(1, WithinRange, Range(1, SizeMax)), IsNull(Ret)}, ErrnoNEZeroIrrelevant, GenericFailureMsg) - .ArgConstraint(NotNull(ArgNo(0))) + .Case({IsNull(0), NotNull(Ret)}, ErrnoMustNotBeChecked, + GenericSuccessMsg) + .Case({IsNull(0), IsNull(Ret)}, ErrnoNEZeroIrrelevant, + GenericFailureMsg) .ArgConstraint( BufferSize(/*Buffer*/ ArgNo(0), /*BufSize*/ ArgNo(1))) .ArgConstraint( diff --git a/clang/test/Analysis/errno-stdlibraryfunctions.c b/clang/test/Analysis/errno-stdlibraryfunctions.c index 657aa37..72d167f 100644 --- a/clang/test/Analysis/errno-stdlibraryfunctions.c +++ b/clang/test/Analysis/errno-stdlibraryfunctions.c @@ -99,7 +99,9 @@ void errno_mkdtemp3(CHAR_PTR template) { } } -void errno_getcwd(char *Buf, size_t Sz) { +void errno_getcwd_buf_nonnull(char *Buf, size_t Sz) { + if (Buf == NULL) + return; char *Path = getcwd(Buf, Sz); if (Sz == 0) { clang_analyzer_eval(errno != 0); // expected-warning{{TRUE}} @@ -114,6 +116,17 @@ void errno_getcwd(char *Buf, size_t Sz) { } } +void errno_getcwd_buf_null() { + // POSIX does not mention this case but many implementations (Linux, FreeBSD) work this way. + char *Path = getcwd(NULL, 1); + if (Path == NULL) { + clang_analyzer_eval(errno != 0); // expected-warning{{TRUE}} + if (errno) {} // no warning + } else { + if (errno) {} // expected-warning{{An undefined value may be read from 'errno'}} + } +} + void errno_execv(char *Path, char * Argv[]) { int Ret = execv(Path, Argv); clang_analyzer_eval(Ret == -1); // expected-warning{{TRUE}} |