[PATCH] D39370: [clang-tidy] Detect bugs in bugprone-misplaced-operator-in-strlen-in-alloc even in the case the allocation function is called using a constant function pointer

Mon, 06 Nov 2017 00:44:37 -0800 

baloghadamsoftware updated this revision to Diff 121692.
baloghadamsoftware added a comment.

Updated to match https://reviews.llvm.org/D39121.


https://reviews.llvm.org/D39370

Files:
  clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
  docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
  test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c


Index: test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
===================================================================
--- test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
+++ test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
@@ -75,3 +75,11 @@
   // CHECK-MESSAGES-NOT: :[[@LINE-1]]:28: warning: addition operator is 
applied to the argument of strlen
   // If expression is in extra parentheses, consider it as intentional
 }
+
+void (*(*const alloc_ptr)(size_t)) = malloc;
+
+void bad_indirect_alloc(char *name) {
+  char *new_name = (char *)alloc_ptr(strlen(name + 1));
+  // CHECK-MESSAGES: :[[@LINE-1]]:28: warning: addition operator is applied to 
the argument of strlen
+  // CHECK-FIXES: {{^  char \*new_name = \(char \*\)alloc_ptr\(}}strlen(name) 
+ 1{{\);$}}
+}
Index: docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
===================================================================
--- docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
+++ docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
@@ -7,9 +7,10 @@
 ``strnlen()``, ``strnlen_s()``, ``wcslen()``, ``wcsnlen()``, and 
``wcsnlen_s()``
 instead of the result and the value is used as an argument to a memory
 allocation function (``malloc()``, ``calloc()``, ``realloc()``, ``alloca()``).
-Cases where ``1`` is added both to the parameter and the result of the
-``strlen()``-like function are ignored, as are cases where the whole addition 
is
-surrounded by extra parentheses.
+The check detects error cases even if one of these functions is called by a
+constant function pointer.  Cases where ``1`` is added both to the parameter
+and the result of the ``strlen()``-like function are ignored, as are cases 
where
+the whole addition is surrounded by extra parentheses.
 
 Example code:
 
Index: clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
===================================================================
--- clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
+++ clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
@@ -49,10 +49,23 @@
       functionDecl(anyOf(hasName("::calloc"), hasName("std::calloc"),
                          hasName("::realloc"), hasName("std::realloc")));
 
-  Finder->addMatcher(
-      callExpr(callee(Alloc0Func), hasArgument(0, BadArg)).bind("Alloc"), 
this);
-  Finder->addMatcher(
-      callExpr(callee(Alloc1Func), hasArgument(1, BadArg)).bind("Alloc"), 
this);
+  const auto Alloc0FuncPtr =
+      varDecl(hasType(isConstQualified()),
+              hasInitializer(ignoringParenImpCasts(
+                  declRefExpr(hasDeclaration(Alloc0Func)))));
+  const auto Alloc1FuncPtr =
+      varDecl(hasType(isConstQualified()),
+              hasInitializer(ignoringParenImpCasts(
+                  declRefExpr(hasDeclaration(Alloc1Func)))));
+
+  Finder->addMatcher(callExpr(callee(decl(anyOf(Alloc0Func, Alloc0FuncPtr))),
+                              hasArgument(0, BadArg))
+                         .bind("Alloc"),
+                     this);
+  Finder->addMatcher(callExpr(callee(decl(anyOf(Alloc1Func, Alloc1FuncPtr))),
+                              hasArgument(1, BadArg))
+                         .bind("Alloc"),
+                     this);
 }
 
 void MisplacedOperatorInStrlenInAllocCheck::check(



Index: test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
===================================================================
--- test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
+++ test/clang-tidy/bugprone-misplaced-operator-in-strlen-in-alloc.c
@@ -75,3 +75,11 @@
   // CHECK-MESSAGES-NOT: :[[@LINE-1]]:28: warning: addition operator is applied to the argument of strlen
   // If expression is in extra parentheses, consider it as intentional
 }
+
+void (*(*const alloc_ptr)(size_t)) = malloc;
+
+void bad_indirect_alloc(char *name) {
+  char *new_name = (char *)alloc_ptr(strlen(name + 1));
+  // CHECK-MESSAGES: :[[@LINE-1]]:28: warning: addition operator is applied to the argument of strlen
+  // CHECK-FIXES: {{^  char \*new_name = \(char \*\)alloc_ptr\(}}strlen(name) + 1{{\);$}}
+}
Index: docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
===================================================================
--- docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
+++ docs/clang-tidy/checks/bugprone-misplaced-operator-in-strlen-in-alloc.rst
@@ -7,9 +7,10 @@
 ``strnlen()``, ``strnlen_s()``, ``wcslen()``, ``wcsnlen()``, and ``wcsnlen_s()``
 instead of the result and the value is used as an argument to a memory
 allocation function (``malloc()``, ``calloc()``, ``realloc()``, ``alloca()``).
-Cases where ``1`` is added both to the parameter and the result of the
-``strlen()``-like function are ignored, as are cases where the whole addition is
-surrounded by extra parentheses.
+The check detects error cases even if one of these functions is called by a
+constant function pointer.  Cases where ``1`` is added both to the parameter
+and the result of the ``strlen()``-like function are ignored, as are cases where
+the whole addition is surrounded by extra parentheses.
 
 Example code:
 
Index: clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
===================================================================
--- clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
+++ clang-tidy/bugprone/MisplacedOperatorInStrlenInAllocCheck.cpp
@@ -49,10 +49,23 @@
       functionDecl(anyOf(hasName("::calloc"), hasName("std::calloc"),
                          hasName("::realloc"), hasName("std::realloc")));
 
-  Finder->addMatcher(
-      callExpr(callee(Alloc0Func), hasArgument(0, BadArg)).bind("Alloc"), this);
-  Finder->addMatcher(
-      callExpr(callee(Alloc1Func), hasArgument(1, BadArg)).bind("Alloc"), this);
+  const auto Alloc0FuncPtr =
+      varDecl(hasType(isConstQualified()),
+              hasInitializer(ignoringParenImpCasts(
+                  declRefExpr(hasDeclaration(Alloc0Func)))));
+  const auto Alloc1FuncPtr =
+      varDecl(hasType(isConstQualified()),
+              hasInitializer(ignoringParenImpCasts(
+                  declRefExpr(hasDeclaration(Alloc1Func)))));
+
+  Finder->addMatcher(callExpr(callee(decl(anyOf(Alloc0Func, Alloc0FuncPtr))),
+                              hasArgument(0, BadArg))
+                         .bind("Alloc"),
+                     this);
+  Finder->addMatcher(callExpr(callee(decl(anyOf(Alloc1Func, Alloc1FuncPtr))),
+                              hasArgument(1, BadArg))
+                         .bind("Alloc"),
+                     this);
 }
 
 void MisplacedOperatorInStrlenInAllocCheck::check(

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to