Remove redundant invalidation in scanf

alejandro-alvarez-sonarsource · alejandro-alvarez-sonarsource · commit 26423cb30a5c · 2024-02-28T10:48:59.000+01:00
diff --git a/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp
@@ -180,27 +180,6 @@ struct FnDescription {
   ArgNoTy StreamArgNo;
 };
 
-[[nodiscard]] ProgramStateRef
-escapeArgsStartingFromIndex(ProgramStateRef State, CheckerContext &C,
-                            const CallEvent &Call,
-                            unsigned FirstEscapingArgIndex) {
-  const auto *CE = Call.getOriginExpr();
-  assert(CE);
-
-  if (Call.getNumArgs() <= FirstEscapingArgIndex)
-    return State;
-
-  SmallVector<SVal> EscapingArgs;
-  EscapingArgs.reserve(Call.getNumArgs() - FirstEscapingArgIndex);
-  for (auto EscArgIdx :
-       llvm::seq<int>(FirstEscapingArgIndex, Call.getNumArgs()))
-    EscapingArgs.push_back(Call.getArgSVal(EscArgIdx));
-  State = State->invalidateRegions(EscapingArgs, CE, C.blockCount(),
-                                   C.getLocationContext(),
-                                   /*CausesPointerEscape=*/false);
-  return State;
-}
-
 /// Get the value of the stream argument out of the passed call event.
 /// The call should contain a function that is described by Desc.
 SVal getStreamArg(const FnDescription *Desc, const CallEvent &Call) {
@@ -1054,10 +1033,6 @@ void StreamChecker::evalFscanf(const FnDescription *Desc, const CallEvent &Call,
   if (!E.Init(Desc, Call, C, State))
     return;
 
-  // The pointers passed to fscanf escape and get invalidated.
-  State =
-      escapeArgsStartingFromIndex(State, C, Call, /*FirstEscapingArgIndex=*/2);
-
   // Add the success state.
   // In this context "success" means there is not an EOF or other read error
   // before any item is matched in 'fscanf'. But there may be match failure,
diff --git a/clang/test/Analysis/stream.c b/clang/test/Analysis/stream.c
@@ -391,9 +391,15 @@ void test_fscanf_escape() {
   clang_analyzer_dump_char(buffer[2]); // expected-warning {{67 S8b}}
 
   int ret = fscanf(F1, "%d %u %s", &a, &b, buffer);
-  clang_analyzer_dump_int(a); // expected-warning {{conj_$}}
-  clang_analyzer_dump_int(b); // expected-warning {{conj_$}}
-  clang_analyzer_dump_char(buffer[2]); // expected-warning {{derived_$}}
+  if (ret != EOF) {
+    clang_analyzer_dump_int(a); // expected-warning {{conj_$}}
+    clang_analyzer_dump_int(b); // expected-warning {{conj_$}}
+    clang_analyzer_dump_char(buffer[2]); // expected-warning {{derived_$}}
+  } else {
+    clang_analyzer_dump_int(a); // expected-warning {{48 S32b}}
+    clang_analyzer_dump_int(b); // expected-warning {{127 S32b}}
+    clang_analyzer_dump_char(buffer[2]); // expected-warning {{67 S8b}}
+  }
 
   if (ret != EOF) {
     char c = fgetc(F1); // ok
