1 files changed, 29 insertions, 0 deletions

diff --git a/gcc/analyzer/kf.cc b/gcc/analyzer/kf.cc
index ed5f703..93c4663 100644
--- a/gcc/analyzer/kf.cc
+++ b/gcc/analyzer/kf.cc
@@ -778,6 +778,34 @@ kf_strchr::impl_call_post (const call_details &cd) const
     }
 }
 
+/* Handler for "sprintf".
+     int sprintf(char *str, const char *format, ...);
+*/
+
+class kf_sprintf : public known_function
+{
+public:
+  bool matches_call_types_p (const call_details &cd) const final override
+  {
+    return (cd.num_args () >= 2
+	    && cd.arg_is_pointer_p (0)
+	    && cd.arg_is_pointer_p (1));
+  }
+
+  void impl_call_pre (const call_details &cd) const final override
+  {
+    /* For now, merely assume that the destination buffer gets set to a
+       new svalue.  */
+    region_model *model = cd.get_model ();
+    region_model_context *ctxt = cd.get_ctxt ();
+    const svalue *dst_ptr = cd.get_arg_svalue (0);
+    const region *dst_reg
+      = model->deref_rvalue (dst_ptr, cd.get_arg_tree (0), ctxt);
+    const svalue *content = cd.get_or_create_conjured_svalue (dst_reg);
+    model->set_value (dst_reg, content, ctxt);
+  }
+};
+
 /* Handler for "__builtin_stack_restore".  */
 
 class kf_stack_restore : public known_function
@@ -990,6 +1018,7 @@ register_known_functions (known_function_manager &kfm)
     kfm.add (BUILT_IN_MEMSET, make_unique<kf_memset> ());
     kfm.add (BUILT_IN_MEMSET_CHK, make_unique<kf_memset> ());
     kfm.add (BUILT_IN_REALLOC, make_unique<kf_realloc> ());
+    kfm.add (BUILT_IN_SPRINTF, make_unique<kf_sprintf> ());
     kfm.add (BUILT_IN_STACK_RESTORE, make_unique<kf_stack_restore> ());
     kfm.add (BUILT_IN_STACK_SAVE, make_unique<kf_stack_save> ());
     kfm.add (BUILT_IN_STRCHR, make_unique<kf_strchr> ());