NagyDonat wrote:

> Probably for this checker another approach can work: Store only if a string
> is known to be null-terminated, or known to contain no zero at all (probably
> other state like "likely does not contain terminating zero" or "likely
> contains zero only at the end" can be used). Additionally string length
> should be maintained more accurately (in `CStringChecker`) and `strlen`
> should return the "string length" value. When handling this data in all
> string and memory manipulation functions simple cases of passing not
> null-terminated string to a function could be found.

I see the logic behind this approach, and you're right that this could be a quick solution for the simple cases, but I fear that the devil is in the details and it would be difficult to ensure that this string-length-based information remains consistent with the `RegionStore`. For this reason I would strongly prefer an approach that would rely on the `RegionStore` and e.g. investigate the `ClusterBindings` to understand the contents (and terminated/unterminated status) of a string.

https://github.com/llvm/llvm-project/pull/146664
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits