gcc.gnu.org Git - gcc.git/commit

author	David Malcolm <dmalcolm@redhat.com>
	Thu, 24 Aug 2023 14:24:38 +0000 (10:24 -0400)
committer	David Malcolm <dmalcolm@redhat.com>
	Thu, 24 Aug 2023 14:24:38 +0000 (10:24 -0400)
commit	0ae07a7203dd24f90e49d025046e61ef90a9fd18
tree	24a8894de7abb2cd63a987b2c2275e9b01fdb74c	tree
parent	5ef89c5c2f52a2c47fd26845d1f73e20b9081fc9	commit \| diff

analyzer: reimplement kf_strcpy [PR105899]

This patch reimplements the analyzer's implementation of strcpy using
the region_model::scan_for_null_terminator infrastructure, so that e.g.
it can complain about out-of-bounds reads/writes, unterminated strings,
etc.

gcc/analyzer/ChangeLog:
PR analyzer/105899
* kf.cc (kf_strcpy::impl_call_pre): Reimplement using
check_for_null_terminated_string_arg.
* region-model.cc (region_model::get_store_bytes): Shortcut
reading all of a string_region.
(region_model::scan_for_null_terminator): Use get_store_value for
the bytes rather than "unknown" when returning an unknown length.
(region_model::write_bytes): New.
* region-model.h (region_model::write_bytes): New decl.

gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/out-of-bounds-diagram-16.c: New test.
* gcc.dg/analyzer/strcpy-1.c: Add test coverage.
* gcc.dg/analyzer/strcpy-3.c: Likewise.
* gcc.dg/analyzer/strcpy-4.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

gcc/analyzer/kf.cc		diff \| blob \| blame \| history
gcc/analyzer/region-model.cc		diff \| blob \| blame \| history
gcc/analyzer/region-model.h		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-16.c	[new file with mode: 0644]	blob
gcc/testsuite/gcc.dg/analyzer/strcpy-1.c		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/strcpy-3.c		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/strcpy-4.c	[new file with mode: 0644]	blob