Change *BugReport constructors to take StringRefs.
- Eliminates many calls to std::string.c_str() - Fixes an invalid read in ReturnStackAddressChecker due to an unsafe call to StringRef.data() which doesn't guarantee null-termination. llvm-svn: 88779
This commit is contained in:
Benjamin Kramer
parent
ea956ddf0b
commit
f4c511b026
|
|
@ -81,10 +81,10 @@ public:
|
|||
getOriginalNode(const ExplodedNode* N) = 0;
|
||||
};
|
||||
|
||||
BugReport(BugType& bt, const char* desc, const ExplodedNode *n)
|
||||
BugReport(BugType& bt, llvm::StringRef desc, const ExplodedNode *n)
|
||||
: BT(bt), Description(desc), EndNode(n) {}
|
||||
|
||||
BugReport(BugType& bt, const char* shortDesc, const char* desc,
|
||||
BugReport(BugType& bt, llvm::StringRef shortDesc, llvm::StringRef desc,
|
||||
const ExplodedNode *n)
|
||||
: BT(bt), ShortDescription(shortDesc), Description(desc), EndNode(n) {}
|
||||
|
||||
|
|
@ -193,11 +193,11 @@ public:
|
|||
class RangedBugReport : public BugReport {
|
||||
std::vector<SourceRange> Ranges;
|
||||
public:
|
||||
RangedBugReport(BugType& D, const char* description, ExplodedNode *n)
|
||||
RangedBugReport(BugType& D, llvm::StringRef description, ExplodedNode *n)
|
||||
: BugReport(D, description, n) {}
|
||||
|
||||
RangedBugReport(BugType& D, const char *shortDescription,
|
||||
const char *description, ExplodedNode *n)
|
||||
RangedBugReport(BugType& D, llvm::StringRef shortDescription,
|
||||
llvm::StringRef description, ExplodedNode *n)
|
||||
: BugReport(D, shortDescription, description, n) {}
|
||||
|
||||
~RangedBugReport();
|
||||
|
|
@ -229,11 +229,11 @@ private:
|
|||
Creators creators;
|
||||
|
||||
public:
|
||||
EnhancedBugReport(BugType& D, const char* description, ExplodedNode *n)
|
||||
EnhancedBugReport(BugType& D, llvm::StringRef description, ExplodedNode *n)
|
||||
: RangedBugReport(D, description, n) {}
|
||||
|
||||
EnhancedBugReport(BugType& D, const char *shortDescription,
|
||||
const char *description, ExplodedNode *n)
|
||||
EnhancedBugReport(BugType& D, llvm::StringRef shortDescription,
|
||||
llvm::StringRef description, ExplodedNode *n)
|
||||
: RangedBugReport(D, shortDescription, description, n) {}
|
||||
|
||||
~EnhancedBugReport() {}
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ void ArrayBoundChecker::VisitLocation(CheckerContext &C, const Stmt *S, SVal l){
|
|||
|
||||
// Generate a report for this bug.
|
||||
RangedBugReport *report =
|
||||
new RangedBugReport(*BT, BT->getDescription().c_str(), N);
|
||||
new RangedBugReport(*BT, BT->getDescription(), N);
|
||||
|
||||
report->addRange(S->getSourceRange());
|
||||
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ void BadCallChecker::PreVisitCallExpr(CheckerContext &C, const CallExpr *CE) {
|
|||
"Called function pointer is a null or undefined pointer value");
|
||||
|
||||
EnhancedBugReport *R =
|
||||
new EnhancedBugReport(*BT, BT->getDescription().c_str(), N);
|
||||
new EnhancedBugReport(*BT, BT->getDescription(), N);
|
||||
|
||||
R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
|
||||
bugreporter::GetCalleeExpr(N));
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ void CallGraph::print(llvm::raw_ostream &os) {
|
|||
<< " calls:\n";
|
||||
for (CallGraphNode::iterator CI = I->second->begin(),
|
||||
CE = I->second->end(); CI != CE; ++CI) {
|
||||
os << " " << CI->second->getName().c_str();
|
||||
os << " " << CI->second->getName();
|
||||
}
|
||||
os << '\n';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -65,8 +65,7 @@ void CastToStructChecker::PreVisitCastExpr(CheckerContext &C,
|
|||
"Casting a non-structure type to a structure type "
|
||||
"and accessing a field can lead to memory access "
|
||||
"errors or data corruption.");
|
||||
RangedBugReport *R = new RangedBugReport(*BT,BT->getDescription().c_str(),
|
||||
N);
|
||||
RangedBugReport *R = new RangedBugReport(*BT,BT->getDescription(), N);
|
||||
R->addRange(CE->getSourceRange());
|
||||
C.EmitReport(R);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ void DereferenceChecker::VisitLocation(CheckerContext &C, const Stmt *S,
|
|||
BT_undef = new BuiltinBug("Dereference of undefined pointer value");
|
||||
|
||||
EnhancedBugReport *report =
|
||||
new EnhancedBugReport(*BT_undef, BT_undef->getDescription().c_str(), N);
|
||||
new EnhancedBugReport(*BT_undef, BT_undef->getDescription(), N);
|
||||
report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
|
||||
bugreporter::GetDerefExpr(N));
|
||||
C.EmitReport(report);
|
||||
|
|
@ -93,7 +93,7 @@ void DereferenceChecker::VisitLocation(CheckerContext &C, const Stmt *S,
|
|||
"Dereference of null pointer");
|
||||
|
||||
EnhancedBugReport *report =
|
||||
new EnhancedBugReport(*BT_null, BT_null->getDescription().c_str(), N);
|
||||
new EnhancedBugReport(*BT_null, BT_null->getDescription(), N);
|
||||
report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
|
||||
bugreporter::GetDerefExpr(N));
|
||||
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ void DivZeroChecker::PreVisitBinaryOperator(CheckerContext &C,
|
|||
BT = new BuiltinBug("Division by zero");
|
||||
|
||||
EnhancedBugReport *R =
|
||||
new EnhancedBugReport(*BT, BT->getDescription().c_str(), N);
|
||||
new EnhancedBugReport(*BT, BT->getDescription(), N);
|
||||
|
||||
R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
|
||||
bugreporter::GetDenomExpr(N));
|
||||
|
|
|
|||
|
|
@ -59,8 +59,7 @@ void FixedAddressChecker::PreVisitBinaryOperator(CheckerContext &C,
|
|||
"Using a fixed address is not portable because that "
|
||||
"address will probably not be valid in all "
|
||||
"environments or platforms.");
|
||||
RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription().c_str(),
|
||||
N);
|
||||
RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription(), N);
|
||||
R->addRange(B->getRHS()->getSourceRange());
|
||||
C.EmitReport(R);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ void MallocChecker::FreeMem(CheckerContext &C, const CallExpr *CE) {
|
|||
"Try to free a memory block that has been released");
|
||||
// FIXME: should find where it's freed last time.
|
||||
BugReport *R = new BugReport(*BT_DoubleFree,
|
||||
BT_DoubleFree->getDescription().c_str(), N);
|
||||
BT_DoubleFree->getDescription(), N);
|
||||
C.EmitReport(R);
|
||||
}
|
||||
return;
|
||||
|
|
@ -152,7 +152,7 @@ void MallocChecker::EvalDeadSymbols(CheckerContext &C, const Stmt *S,
|
|||
"Allocated memory never released. Potential memory leak.");
|
||||
// FIXME: where it is allocated.
|
||||
BugReport *R = new BugReport(*BT_Leak,
|
||||
BT_Leak->getDescription().c_str(), N);
|
||||
BT_Leak->getDescription(), N);
|
||||
C.EmitReport(R);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,8 +59,7 @@ void PointerArithChecker::PreVisitBinaryOperator(CheckerContext &C,
|
|||
"Pointer arithmetic done on non-array variables "
|
||||
"means reliance on memory layout, which is "
|
||||
"dangerous.");
|
||||
RangedBugReport *R = new RangedBugReport(*BT,BT->getDescription().c_str(),
|
||||
N);
|
||||
RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription(), N);
|
||||
R->addRange(B->getSourceRange());
|
||||
C.EmitReport(R);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,8 +66,7 @@ void PointerSubChecker::PreVisitBinaryOperator(CheckerContext &C,
|
|||
BT = new BuiltinBug("Pointer subtraction",
|
||||
"Subtraction of two pointers that do not point to "
|
||||
"the same memory chunk may cause incorrect result.");
|
||||
RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription().c_str(),
|
||||
N);
|
||||
RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription(), N);
|
||||
R->addRange(B->getSourceRange());
|
||||
C.EmitReport(R);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
|
|||
|
||||
// Generate a report for this bug.
|
||||
RangedBugReport *report =
|
||||
new RangedBugReport(*BT, BT->getDescription().c_str(), N);
|
||||
new RangedBugReport(*BT, BT->getDescription(), N);
|
||||
|
||||
report->addRange(RetE->getSourceRange());
|
||||
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ void ReturnStackAddressChecker::PreVisitReturnStmt(CheckerContext &C,
|
|||
<< R->getString() << "' returned.";
|
||||
}
|
||||
|
||||
RangedBugReport *report = new RangedBugReport(*BT, os.str().data(), N);
|
||||
RangedBugReport *report = new RangedBugReport(*BT, os.str(), N);
|
||||
report->addRange(RS->getSourceRange());
|
||||
if (range.isValid())
|
||||
report->addRange(range);
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ void ReturnUndefChecker::PreVisitReturnStmt(CheckerContext &C,
|
|||
"Undefined or garbage value returned to caller");
|
||||
|
||||
EnhancedBugReport *report =
|
||||
new EnhancedBugReport(*BT, BT->getDescription().c_str(), N);
|
||||
new EnhancedBugReport(*BT, BT->getDescription(), N);
|
||||
|
||||
report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, RetE);
|
||||
|
||||
|
|
|
|||
|
|
@ -46,8 +46,7 @@ void UndefinedArgChecker::PreVisitCallExpr(CheckerContext &C,
|
|||
BT = new BuiltinBug("Pass-by-value argument in function call is "
|
||||
"undefined");
|
||||
// Generate a report for this bug.
|
||||
EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName().c_str(),
|
||||
N);
|
||||
EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName(), N);
|
||||
R->addRange((*I)->getSourceRange());
|
||||
R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, *I);
|
||||
C.EmitReport(R);
|
||||
|
|
|
|||
|
|
@ -46,8 +46,7 @@ UndefinedArraySubscriptChecker::PreVisitArraySubscriptExpr(CheckerContext &C,
|
|||
BT = new BuiltinBug("Array subscript is undefined");
|
||||
|
||||
// Generate a report for this bug.
|
||||
EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName().c_str(),
|
||||
N);
|
||||
EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName(), N);
|
||||
R->addRange(A->getIdx()->getSourceRange());
|
||||
R->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
|
||||
A->getIdx());
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ void UndefinedAssignmentChecker::PreVisitBind(CheckerContext &C,
|
|||
BT = new BuiltinBug("Assigned value is garbage or undefined");
|
||||
|
||||
// Generate a report for this bug.
|
||||
EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName().c_str(), N);
|
||||
EnhancedBugReport *R = new EnhancedBugReport(*BT, BT->getName(), N);
|
||||
|
||||
if (AssignE) {
|
||||
const Expr *ex = 0;
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ void VLASizeChecker::PreVisitDeclStmt(CheckerContext &C, const DeclStmt *DS) {
|
|||
"garbage value as its size");
|
||||
|
||||
EnhancedBugReport *report =
|
||||
new EnhancedBugReport(*BT_undef, BT_undef->getName().c_str(), N);
|
||||
new EnhancedBugReport(*BT_undef, BT_undef->getName(), N);
|
||||
report->addRange(SE->getSourceRange());
|
||||
report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE);
|
||||
C.EmitReport(report);
|
||||
|
|
@ -84,7 +84,7 @@ void VLASizeChecker::PreVisitDeclStmt(CheckerContext &C, const DeclStmt *DS) {
|
|||
"size");
|
||||
|
||||
EnhancedBugReport *report =
|
||||
new EnhancedBugReport(*BT_zero, BT_zero->getName().c_str(), N);
|
||||
new EnhancedBugReport(*BT_zero, BT_zero->getName(), N);
|
||||
report->addRange(SE->getSourceRange());
|
||||
report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue, SE);
|
||||
C.EmitReport(report);
|
||||
|
|
|
|||
Loading…
Reference in New Issue