CStringChecker.cpp Size argument is greater than the length of the destination buffer

[llvmbot]

Bugzilla Link	10919
Version	unspecified
OS	Windows XP
Reporter	LLVM Bugzilla Contributor
CC	@efriedma-quic,@AnnaZaks,@tkremenek

Extended Description

test example:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct _XMLNode {
char* tag; /* Tag name */

} XMLNode;

int XML_parse_1string(char* str, XMLNode* xmlnode)
{
int n ,tag_end = 0;
n = 1+tag_end;
xmlnode->tag = (char*)malloc(n - tag_end);
if (xmlnode->tag == NULL) return 0;
strncpy(xmlnode->tag, str+1+tag_end, n-1-tag_end); //it is not a weakness
return 0;
}

this example result a weakness which is "Size argument is greater than the length of the destination buffer", but really it is not a weakness

[llvmbot]

assigned to @tkremenek

[llvmbot]

please fix this bug.

[efriedma-quic]

Thank you for filing a concise bug report. There are a limited number of LLVM developers, and many of us are quite busy, so it may take a while for someone to look at this issue.

[AnnaZaks]

I cannot reproduce this on TOT/MacOS with:
$ clang -cc1 -analyze -analyzer-checker=experimental.unix.CString example.c

So it's either fixed on TOT or it's a platform specific issue.

If it's the second case, could you provide the preprocessed file and the verbose command line to reproduce (you can get it by adding -v to the command you are using)?