[StaticAnalyzer] Relax the pre-condition of 'setsockopt' #130683
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For the unix function `int setsockopt(int, int, int, const void *, socklen_t);`, the last two parameters represent a buffer and a size. In case the size is zero, buffer can be null. Previously, the hard-coded pre-condition requires the buffer to never be null, which can cause false positives. (rdar://146678142)
ziqingluo-90
requested review from
NagyDonat,
Xazax-hun,
balazske,
haoNoQ and
steakhal
llvmbot
added
clang
Member
|
@llvm/pr-subscribers-clang @llvm/pr-subscribers-clang-static-analyzer-1 Author: Ziqing Luo (ziqingluo-90) ChangesFor the unix function In case the size is zero, buffer can be null. Previously, the hard-coded pre-condition requires the buffer to never be null, which can cause false positives. (rdar://146678142) Full diff: https://github.com/llvm/llvm-project/pull/130683.diff 2 Files Affected:
diff --git a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
index 356d63e3e8b80..fef19b4547555 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
@@ -1797,7 +1797,8 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
auto IsNull = [&](ArgNo ArgN) {
return std::make_shared<NotNullConstraint>(ArgN, false);
};
- auto NotNullBuffer = [&](ArgNo ArgN, ArgNo SizeArg1N, ArgNo SizeArg2N) {
+ auto NotNullBuffer = [&](ArgNo ArgN, ArgNo SizeArg1N,
+ std::optional<ArgNo> SizeArg2N = std::nullopt) {
return std::make_shared<NotNullBufferConstraint>(ArgN, SizeArg1N,
SizeArg2N);
};
@@ -3365,7 +3366,7 @@ void StdLibraryFunctionsChecker::initFunctionSummaries(
Summary(NoEvalCall)
.Case(ReturnsZero, ErrnoMustNotBeChecked, GenericSuccessMsg)
.Case(ReturnsMinusOne, ErrnoNEZeroIrrelevant, GenericFailureMsg)
- .ArgConstraint(NotNull(ArgNo(3)))
+ .ArgConstraint(NotNullBuffer(ArgNo(3), ArgNo(4)))
.ArgConstraint(
BufferSize(/*Buffer=*/ArgNo(3), /*BufSize=*/ArgNo(4)))
.ArgConstraint(
diff --git a/clang/test/Analysis/std-c-library-functions-POSIX.c b/clang/test/Analysis/std-c-library-functions-POSIX.c
index b53f3132b8687..f6d88e6c1502d 100644
--- a/clang/test/Analysis/std-c-library-functions-POSIX.c
+++ b/clang/test/Analysis/std-c-library-functions-POSIX.c
@@ -237,3 +237,14 @@ void test_readlinkat_bufsize_zero(int fd, char *Buf, size_t Bufsize) {
else
clang_analyzer_eval(Bufsize == 0); // expected-warning{{UNKNOWN}}
}
+
+void test_setsockopt_bufptr_null(int x) {
+ char buf[10] = {0};
+
+ setsockopt(1, 2, 3, 0, 0);
+ setsockopt(1, 2, 3, buf, 10);
+ if (x)
+ setsockopt(1, 2, 3, buf, 11); // expected-warning{{The 4th argument to 'setsockopt' is a buffer with size 10 but should be a buffer with size equal to or greater than the value of the 5th argument (which is 11)}}
+ else
+ setsockopt(1, 2, 3, 0, 10); // expected-warning{{The 4th argument to 'setsockopt' is NULL but should not be NULL}}
+}
|
ziqingluo-90
requested review from
Szelethus,
jkorous-apple,
malavikasamak and
t-rasmud
Contributor
Author
|
CC @dtarditi |
Contributor
Author
|
While the change is straightforward, I'd like to discuss about the following two constraints:
In general, how is the negation of a constraint used? Will |
Collaborator
|
This change looks good to me. I think you could open PRs for the questions you brought up and we could sort them out in the review process. |
steakhal
approved these changes
Mar 11, 2025
Contributor
steakhal
left a comment
steakhal
left a comment
There was a problem hiding this comment.
Thanks for the fix. Your raised points also make sense to me.
Contributor
Author
|
Thanks for reviewing! I will create another PR for my questions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For the unix function
int setsockopt(int, int, int, const void *, socklen_t);, the last two parameters represent a buffer and a size.In case the size is zero, buffer can be null. Previously, the hard-coded pre-condition requires the buffer to never be null, which can cause false positives.
(rdar://146678142)