microsoft
/
clang-1
зеркало из https://github.com/microsoft/clang-1.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Sema: Warn on sizeof on binary ops on decayed arrays. 

The array will decay into a pointer, creating an unexpected result.
sizeof(array + int) is an easy to make typo for sizeof(array) + int.

This was motivated by a NetBSD security bug, used sizeof(key - r) instead of
sizeof(key) - r, reducing entropy in a random number generator.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/subr_cprng.c.diff?r1=1.14&r2=1.15&only_with_tag=MAIN&f=h

Differential Revision: http://llvm-reviews.chandlerc.com/D571

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178371 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Benjamin Kramer 2013-03-29 21:43:21 +00:00
Родитель 9b97adfb77
Коммит 52b2e7085f
6 изменённых файлов: 54 добавлений и 2 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
include/clang/Basic/DiagnosticGroups.td
Просмотреть файл

@ -215,6 +215,7 @@ def : DiagGroup<"stack-protector">;
def : DiagGroup<"switch-default">; def : DiagGroup<"switch-default">;
def : DiagGroup<"synth">; def : DiagGroup<"synth">;
def SizeofArrayArgument : DiagGroup<"sizeof-array-argument">; def SizeofArrayArgument : DiagGroup<"sizeof-array-argument">;
def SizeofArrayDecay : DiagGroup<"sizeof-array-decay">;
def SizeofPointerMemaccess : DiagGroup<"sizeof-pointer-memaccess">; def SizeofPointerMemaccess : DiagGroup<"sizeof-pointer-memaccess">;
def StaticInInline : DiagGroup<"static-in-inline">; def StaticInInline : DiagGroup<"static-in-inline">;
def GNUStaticFloatInit : DiagGroup<"gnu-static-float-init">; def GNUStaticFloatInit : DiagGroup<"gnu-static-float-init">;
@ -421,6 +422,7 @@ def Most : DiagGroup<"most", [
ReturnType, ReturnType,
SelfAssignment, SelfAssignment,
SizeofArrayArgument, SizeofArrayArgument,
SizeofArrayDecay,
StringPlusInt, StringPlusInt,
Trigraphs, Trigraphs,
Uninitialized, Uninitialized,

4
include/clang/Basic/DiagnosticSemaKinds.td
Просмотреть файл

@ -4033,6 +4033,10 @@ def warn_sizeof_array_param : Warning<
"sizeof on array function parameter will return size of %0 instead of %1">, "sizeof on array function parameter will return size of %0 instead of %1">,
InGroup<SizeofArrayArgument>; InGroup<SizeofArrayArgument>;
def warn_sizeof_array_decay : Warning<
"sizeof on pointer operation will return size of %0 instead of %1">,
InGroup<SizeofArrayDecay>;
def err_sizeof_nonfragile_interface : Error< def err_sizeof_nonfragile_interface : Error<
"application of '%select{alignof|sizeof}1' to interface %0 is " "application of '%select{alignof|sizeof}1' to interface %0 is "
"not supported on this architecture and platform">; "not supported on this architecture and platform">;

28
lib/Sema/SemaExpr.cpp
Просмотреть файл

@ -3089,6 +3089,24 @@ static bool CheckObjCTraitOperandConstraints(Sema &S, QualType T,
return false; return false;
} }
/// \brief Check whether E is a pointer from a decayed array type (the decayed
/// pointer type is equal to T) and emit a warning if it is.
static void warnOnSizeofOnArrayDecay(Sema &S, SourceLocation Loc, QualType T,
Expr *E) {
// Don't warn if the operation changed the type.
if (T != E->getType())
return;
// Now look for array decays.
ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(E);
if (!ICE || ICE->getCastKind() != CK_ArrayToPointerDecay)
return;
S.Diag(Loc, diag::warn_sizeof_array_decay) << ICE->getSourceRange()
<< ICE->getType()
<< ICE->getSubExpr()->getType();
}
/// \brief Check the constrains on expression operands to unary type expression /// \brief Check the constrains on expression operands to unary type expression
/// and type traits. /// and type traits.
/// ///
@ -3142,6 +3160,16 @@ bool Sema::CheckUnaryExprOrTypeTraitOperand(Expr *E,
} }
} }
} }
// Warn on "sizeof(array op x)" and "sizeof(x op array)", where the array
// decays into a pointer and returns an unintended result. This is most
// likely a typo for "sizeof(array) op x".
if (BinaryOperator *BO = dyn_cast<BinaryOperator>(E->IgnoreParens())) {
warnOnSizeofOnArrayDecay(*this, BO->getOperatorLoc(), BO->getType(),
BO->getLHS());
warnOnSizeofOnArrayDecay(*this, BO->getOperatorLoc(), BO->getType(),
BO->getRHS());
}
} }
return false; return false;

2
test/Sema/expr-comma-c99.c
Просмотреть файл

@ -1,4 +1,4 @@
// RUN: %clang_cc1 %s -fsyntax-only -verify -std=c99 // RUN: %clang_cc1 %s -fsyntax-only -verify -std=c99 -Wno-sizeof-array-decay
// expected-no-diagnostics // expected-no-diagnostics
// rdar://6095180 // rdar://6095180

2
test/Sema/expr-comma.c
Просмотреть файл

@ -1,4 +1,4 @@
// RUN: %clang_cc1 %s -fsyntax-only -verify -std=c89 // RUN: %clang_cc1 %s -fsyntax-only -verify -std=c89 -Wno-sizeof-array-decay
// expected-no-diagnostics // expected-no-diagnostics
// rdar://6095180 // rdar://6095180

18
test/Sema/warn-sizeof-array-decay.c Normal file
Просмотреть файл

@ -0,0 +1,18 @@
// RUN: %clang_cc1 -fsyntax-only -verify %s
void f(int x) {
char foo[10];
int bar[20];
char qux[30];
(void)sizeof(bar + 10); // expected-warning{{sizeof on pointer operation will return size of 'int *' instead of 'int [20]'}}
(void)sizeof(foo - 20); // expected-warning{{sizeof on pointer operation will return size of 'char *' instead of 'char [10]'}}
(void)sizeof(bar - x); // expected-warning{{sizeof on pointer operation will return size of 'int *' instead of 'int [20]'}}
(void)sizeof(foo + x); // expected-warning{{sizeof on pointer operation will return size of 'char *' instead of 'char [10]'}}
// This is ptrdiff_t.
(void)sizeof(foo - qux); // no-warning
(void)sizeof(foo, x); // no-warning
(void)sizeof(x, foo); // expected-warning{{sizeof on pointer operation will return size of 'char *' instead of 'char [10]'}}
}