compare two array sizes

Hello,
I am trying to check, in a strcpy, whether the source array size is larger
than the destination array size (overflow).
Here is the piece of code that tests this and that does not work ...

........
// CE->getArg(1) == src in strcpy
// CE->getArg(0) == dst in strcpy
if (isSizeOverflow(CE->getArg(1), CE->getArg(0), C)) {
    // Overflow is possible
}
.......
bool StrcpyCheckOverflow::isSizeOverflow(const Expr *Esrc, const Expr *Edst,
                                         CheckerContext &C) {
  // Compare the sizes of the types the two arguments point to.
  QualType ElTydst = Edst->getType()->getPointeeType();
  QualType ElTysrc = Esrc->getType()->getPointeeType();
  CharUnits BufSrcSize = C.getASTContext().getTypeSizeInChars(ElTysrc);
  CharUnits BufDstSize = C.getASTContext().getTypeSizeInChars(ElTydst);
  if (BufSrcSize > BufDstSize)
    return true;
  return false;
}

On test code:

#include <stdio.h>
#include <string.h>
int main() {
  char addr[16];
  char buffer[8];
  scanf("%s", addr);
  strcpy(buffer, addr);   /* 16-byte source into 8-byte destination */
  return 0;
}

Would you know what the problem is?
Thank you

Hi, Lionel. You're asking for the /element/ type of the two arrays, but really you want the arrays themselves (i.e. you don't need "getPointeeType()").

BTW, there are a number of similar checks already implemented in CStringChecker.cpp; most of them are just turned off because a number of the checks are expensive and the path diagnostics are sub-par. (In your case, for instance, you could be copying from a very large /buffer/ but already checked that its strlen() is small enough. It's these sorts of weird conditions that make CStringChecker less effective.)

Hope that helps; please feel free to ask more questions about the analyzer infrastructure.
Jordan
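An added illustration of the two points in the reply, not code from this thread or from the analyzer: it contrasts element-type sizes with array sizes for the addr/buffer pair above, and shows why a pure size comparison flags a copy that a strlen() guard makes safe. The helper names (static_size_check_flags, runtime_overflows, guarded_copy) are made up for this example.

```c
#include <stdio.h>
#include <string.h>

/* What a size-based check decides once it compares the array types
   (char[16] vs char[8]) instead of their element types (char vs char). */
int static_size_check_flags(size_t src_array_size, size_t dst_array_size) {
    return src_array_size > dst_array_size;
}

/* What actually happens at run time: strcpy overflows only if the
   NUL-terminated string in src does not fit in dst. */
int runtime_overflows(const char *src, size_t dst_array_size) {
    return strlen(src) + 1 > dst_array_size;
}

/* The pattern the reply describes: copy from a large buffer only after
   checking its strlen() against the destination. Returns 1 if copied. */
int guarded_copy(char *dst, size_t dst_array_size, const char *src) {
    if (strlen(src) + 1 > dst_array_size)
        return 0;               /* would overflow: refuse to copy */
    strcpy(dst, src);
    return 1;
}

int main(void) {
    char addr[16] = "short";    /* constructed input: 5 chars + NUL */
    char buffer[8];

    /* Element-type comparison (what getPointeeType() gives): 1 vs 1, never flags. */
    printf("element sizes: %zu vs %zu\n", sizeof addr[0], sizeof buffer[0]);
    /* Array-type comparison: 16 vs 8, flags strcpy(buffer, addr). */
    printf("array sizes:   %zu vs %zu -> flagged=%d\n", sizeof addr, sizeof buffer,
           static_size_check_flags(sizeof addr, sizeof buffer));
    /* This particular content fits, so for a guarded copy the flag is a false positive. */
    printf("runtime overflow with \"%s\": %d\n", addr,
           runtime_overflows(addr, sizeof buffer));
    printf("guarded copy performed: %d\n", guarded_copy(buffer, sizeof buffer, addr));
    return 0;
}
```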