Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
FangSoftSoft
/
clang
2
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

[analyzer] Change the warning to suggest 'strlcat/strlcpy' as
replacements for 'starcat/strcpy' instead of 'strncat/strncpy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149406 91177308-0d34-0410-b5e6-96231b3b80d8

Anna Zaks 13 vuotta sitten
vanhempi
588e83bf3e
commit
393b9793da
2 muutettua tiedostoa jossa 4 lisäystä ja 4 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 2 2
      lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
  2. 2 2
      test/Analysis/security-syntax-checks.m

+ 2 - 2
lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
Näytä tiedosto 

@@ -516,7 +516,7 @@ void WalkAST::checkCall_strcpy(const CallExpr *CE, const FunctionDecl *FD) {
 
                      "Call to function 'strcpy' is insecure as it does not "
 
 		     "provide bounding of the memory buffer. Replace "
 
 		     "unbounded copy functions with analogous functions that "
 
-		     "support length arguments such as 'strncpy'. CWE-119.",
 
+		     "support length arguments such as 'strlcpy'. CWE-119.",
 
                      CELoc, &R, 1);
 
 }
 
 
@@ -543,7 +543,7 @@ void WalkAST::checkCall_strcat(const CallExpr *CE, const FunctionDecl *FD) {
 
 		     "Call to function 'strcat' is insecure as it does not "
 
 		     "provide bounding of the memory buffer. Replace "
 
 		     "unbounded copy functions with analogous functions that "
 
-		     "support length arguments such as 'strncat'. CWE-119.",
 
+		     "support length arguments such as 'strlcat'. CWE-119.",
 
                      CELoc, &R, 1);
 
 }

+ 2 - 2
test/Analysis/security-syntax-checks.m
Näytä tiedosto 

@@ -138,7 +138,7 @@ void test_strcpy() {
 
   char x[4];
 
   char *y;
 
 
-  strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strncpy'. CWE-119.}}
 
+  strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119.}}
 
 }
 
 
 //===----------------------------------------------------------------------===
 
@@ -162,7 +162,7 @@ void test_strcat() {
 
   char x[4];
 
   char *y;
 
 
-  strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strncat'. CWE-119.}}
 
+  strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119.}}
 
 }
 
 
 //===----------------------------------------------------------------------===