Index: test/SemaCXX/warn-memset-bad-sizeof.cpp =================================================================== --- test/SemaCXX/warn-memset-bad-sizeof.cpp (revision 0) +++ test/SemaCXX/warn-memset-bad-sizeof.cpp (revision 0) @@ -0,0 +1,44 @@ +// RUN: %clang_cc1 -fsyntax-only -verify %s +// +extern "C" void *memset(void *, int, unsigned); +extern "C" void *memmove(void *s1, const void *s2, unsigned n); +extern "C" void *memcpy(void *s1, const void *s2, unsigned n); + +struct S {int a, b, c, d;}; +typedef S* PS; + +void f(char fake_array[8]) { // http://www.lysator.liu.se/c/c-faq/c-2.html#2-6 + S s; + S* ps = &s; + PS ps2 = &s; + char arr[5]; + char* parr[5]; + + /* Should warn */ + memset(&s, 0, sizeof(&s)); // \ + // expected-warning {{The sizeof expression in 'memset' has type 'S *', the same type that the first argument has. The sizeof expression should probably have type 'S' instead.}} + memset(ps, 0, sizeof(ps)); // \ + // expected-warning {{The sizeof expression in 'memset' has type 'S *', the same type that the first argument has. The sizeof expression should probably have type 'S' instead.}} + memset(ps2, 0, sizeof(ps2)); // \ + // expected-warning {{The sizeof expression in 'memset' has type 'PS' (aka 'S *'), the same type that the first argument has. The sizeof expression should probably have type 'S' instead.}} + memset(ps2, 0, sizeof(typeof(ps2))); // \ + // expected-warning {{The sizeof expression in 'memset' has type 'typeof (ps2)' (aka 'S *'), the same type that the first argument has. The sizeof expression should probably have type 'S' instead.}} + memset(ps2, 0, sizeof(PS)); // \ + // expected-warning {{The sizeof expression in 'memset' has type 'PS' (aka 'S *'), the same type that the first argument has. The sizeof expression should probably have type 'S' instead.}} + memset(fake_array, 0, sizeof(fake_array)); // \ + // expected-warning {{The sizeof expression in 'memset' has type 'char *', the same type that the first argument has. The sizeof expression should probably have type 'char' instead.}} + + memcpy(&s, 0, sizeof(&s)); // \ + // expected-warning {{The sizeof expression in 'memcpy' has type 'S *', the same type that the first argument has. The sizeof expression should probably have type 'S' instead.}} + memcpy(0, &s, sizeof(&s)); // \ + // expected-warning {{The sizeof expression in 'memcpy' has type 'S *', the same type that the second argument has. The sizeof expression should probably have type 'S' instead.}} + + /* Shouldn't warn */ + memset(&s, 0, sizeof(s)); + memset(ps, 0, sizeof(*ps)); + memset(ps2, 0, sizeof(*ps2)); + memset(ps2, 0, sizeof(typeof(*ps2))); + memset(arr, 0, sizeof(arr)); + memset(parr, 0, sizeof(parr)); +} + Index: include/clang/Basic/DiagnosticSemaKinds.td =================================================================== --- include/clang/Basic/DiagnosticSemaKinds.td (revision 132895) +++ include/clang/Basic/DiagnosticSemaKinds.td (working copy) @@ -267,6 +267,10 @@ InGroup>; def note_bad_memaccess_silence : Note< "explicitly cast the pointer to silence this warning">; +def warn_sizeof_pointer : Warning< + "The sizeof expression in %0 has type %1, the same type that the " + "%select{first|second}2 argument has. The sizeof expression should probably " + "have type %3 instead.">; /// main() // static/inline main() are not errors in C, just in C++. Index: lib/Sema/SemaChecking.cpp =================================================================== --- lib/Sema/SemaChecking.cpp (revision 132895) +++ lib/Sema/SemaChecking.cpp (working copy) @@ -1812,6 +1812,20 @@ return false; } +/// \brief If E is a sizeof expression, returns the expression's type in +/// OutType. +static bool sizeofExprType(const Expr* E, QualType *OutType) { + if (const UnaryExprOrTypeTraitExpr *SizeOf = + dyn_cast(E)) { + if (SizeOf->getKind() != clang::UETT_SizeOf) + return false; + + *OutType = SizeOf->getTypeOfArgument(); + return true; + } + return false; +} + /// \brief Check for dangerous or invalid arguments to memset(). /// /// This issues warnings on known problematic, dangerous or unspecified @@ -1826,8 +1840,9 @@ if (Call->getNumArgs() != 3) return; - unsigned LastArg = FnName->isStr("memset")? 1 : 2; - for (unsigned ArgIdx = 0; ArgIdx != LastArg; ++ArgIdx) { + unsigned LastPtrArg = FnName->isStr("memset")? 1 : 2; + const Expr *LenExpr = Call->getArg(2)->IgnoreParenImpCasts(); + for (unsigned ArgIdx = 0; ArgIdx != LastPtrArg; ++ArgIdx) { const Expr *Dest = Call->getArg(ArgIdx)->IgnoreParenImpCasts(); QualType DestTy = Dest->getType(); @@ -1836,6 +1851,17 @@ if (PointeeTy->isVoidType()) continue; + // Catch "memset(p, 0, sizeof(p))" -- needs to be sizeof(*p). + QualType sizeofType; + if (sizeofExprType(LenExpr, &sizeofType) && + Context.typesAreCompatible(sizeofType, DestTy)) { + // Note: This complains about sizeof(typeof(p)) as well. + SourceLocation loc = LenExpr->getSourceRange().getBegin(); + Diag(loc, diag::warn_sizeof_pointer) + << FnName << sizeofType << ArgIdx << PointeeTy; + break; + } + // Always complain about dynamic classes. if (isDynamicClassType(PointeeTy)) { DiagRuntimeBehavior(