Merge pull request swiftlang#9619 from swiftlang/msamak-cherrypick-fp-stringliterals

malavikasamak · web-flow · commit 4ac4822eeb33 · 2024-11-19T07:41:09.000+05:30
[Cherry-Pick][Wunsafe-buffer-usage] Fix false positives in handling string literals. (llvm#115552)
diff --git a/clang/lib/Analysis/UnsafeBufferUsage.cpp b/clang/lib/Analysis/UnsafeBufferUsage.cpp
@@ -436,21 +436,31 @@ AST_MATCHER(ArraySubscriptExpr, isSafeArraySubscript) {
 
   const auto *BaseDRE =
       dyn_cast<DeclRefExpr>(Node.getBase()->IgnoreParenImpCasts());
-  if (!BaseDRE)
-    return false;
-  if (!BaseDRE->getDecl())
-    return false;
-  const auto *CATy = Finder->getASTContext().getAsConstantArrayType(
-      BaseDRE->getDecl()->getType());
-  if (!CATy)
+  const auto *SLiteral =
+      dyn_cast<StringLiteral>(Node.getBase()->IgnoreParenImpCasts());
+  uint64_t size;
+
+  if (!BaseDRE && !SLiteral)
     return false;
 
+  if (BaseDRE) {
+    if (!BaseDRE->getDecl())
+      return false;
+    const auto *CATy = Finder->getASTContext().getAsConstantArrayType(
+        BaseDRE->getDecl()->getType());
+    if (!CATy) {
+      return false;
+    }
+    size = CATy->getLimitedSize();
+  } else if (SLiteral) {
+    size = SLiteral->getLength() + 1;
+  }
+
   if (const auto *IdxLit = dyn_cast<IntegerLiteral>(Node.getIdx())) {
     const APInt ArrIdx = IdxLit->getValue();
     // FIXME: ArrIdx.isNegative() we could immediately emit an error as that's a
     // bug
-    if (ArrIdx.isNonNegative() &&
-        ArrIdx.getLimitedValue() < CATy->getLimitedSize())
+    if (ArrIdx.isNonNegative() && ArrIdx.getLimitedValue() < size)
       return true;
   }
 
diff --git a/clang/test/SemaCXX/warn-unsafe-buffer-usage-array.cpp b/clang/test/SemaCXX/warn-unsafe-buffer-usage-array.cpp
@@ -38,3 +38,17 @@ void constant_idx_unsafe(unsigned idx) {
                         // expected-note@-1{{change type of 'buffer' to 'std::array' to label it for hardening}}
   buffer[10] = 0;       // expected-note{{used in buffer access here}}
 }
+
+void constant_id_string(unsigned idx) {
+  char safe_char = "abc"[1]; // no-warning
+  safe_char = ""[0];
+  safe_char = "\0"[0];
+ 
+  char abcd[5] = "abc";
+  abcd[2]; // no-warning
+
+  char unsafe_char = "abc"[3];
+  unsafe_char = "abc"[-1]; //expected-warning{{unsafe buffer access}}
+  unsafe_char = ""[1]; //expected-warning{{unsafe buffer access}} 
+  unsafe_char = ""[idx]; //expected-warning{{unsafe buffer access}}
+}
