aboutsummaryrefslogtreecommitdiff
path: root/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp')
-rw-r--r--clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp19
1 files changed, 18 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index a2409b0..e758b46 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -134,6 +134,12 @@ class StdLibraryFunctionsChecker
}
ArgNo getArgNo() const { return ArgN; }
+ // Return those arguments that should be tracked when we report a bug. By
+ // default it is the argument that is constrained, however, in some special
+ // cases we need to track other arguments as well. E.g. a buffer size might
+ // be encoded in another argument.
+ virtual std::vector<ArgNo> getArgsToTrack() const { return {ArgN}; }
+
virtual StringRef getName() const = 0;
// Give a description that explains the constraint to the user. Used when
@@ -309,6 +315,15 @@ class StdLibraryFunctionsChecker
: ValueConstraint(Buffer), SizeArgN(BufSize),
SizeMultiplierArgN(BufSizeMultiplier) {}
+ std::vector<ArgNo> getArgsToTrack() const override {
+ std::vector<ArgNo> Result{ArgN};
+ if (SizeArgN)
+ Result.push_back(*SizeArgN);
+ if (SizeMultiplierArgN)
+ Result.push_back(*SizeMultiplierArgN);
+ return Result;
+ }
+
std::string describe(ProgramStateRef State,
const Summary &Summary) const override;
@@ -576,7 +591,9 @@ private:
CheckNames[CK_StdCLibraryFunctionArgsChecker],
"Unsatisfied argument constraints", categories::LogicError);
auto R = std::make_unique<PathSensitiveBugReport>(*BT_InvalidArg, Msg, N);
- bugreporter::trackExpressionValue(N, Call.getArgExpr(VC->getArgNo()), *R);
+
+ for (ArgNo ArgN : VC->getArgsToTrack())
+ bugreporter::trackExpressionValue(N, Call.getArgExpr(ArgN), *R);
// Highlight the range of the argument that was violated.
R->addRange(Call.getArgSourceRange(VC->getArgNo()));
generated by cgit v1.1 at 2025-08-04 02:44:24 +0000