[core/clib] Clang-Tidy Clazy warnings #7422

Closed
ferdymercury opened this issue Mar 9, 2021 · 4 comments
@ferdymercury
Contributor

/opt/root_src/core/clib/src/Demangle.c:326:10: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:326
/opt/root_src/core/clib/src/Demangle.c:327:10: warning: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncat_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncat_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:327
/opt/root_src/core/clib/src/Demangle.c:344:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:344
/opt/root_src/core/clib/src/Demangle.c:345:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:345
/opt/root_src/core/clib/src/Demangle.c:361:19: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:361
/opt/root_src/core/clib/src/Demangle.c:362:19: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:362
/opt/root_src/core/clib/src/Demangle.c:385:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:385
/opt/root_src/core/clib/src/Demangle.c:386:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:386
/opt/root_src/core/clib/src/Demangle.c:387:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:387
/opt/root_src/core/clib/src/Demangle.c:401:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:401
/opt/root_src/core/clib/src/Demangle.c:402:16: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:402
/opt/root_src/core/clib/src/Demangle.c:416:10: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:416
/opt/root_src/core/clib/src/Demangle.c:417:10: warning: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncat_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncat_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:417
/opt/root_src/core/clib/src/Demangle.c:505:7: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:505
/opt/root_src/core/clib/src/Demangle.c:1316:22: warning: Null pointer passed to 1st parameter expecting 'nonnull' [clang-analyzer-core.NonNullParamChecker]
 1: Assuming 'mangled' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:503
 2: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:503
 3: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:503
 4: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:503
 5: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:507
 6: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:507
 7: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:519
 8: expanded from macro 'AUTO_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:56
 9: Left side of '||' is false in /opt/root_src/core/clib/src/Demangle.c:519
10: expanded from macro 'AUTO_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:56
11: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:519
12: expanded from macro 'GNU_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:57
13: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:519
14: 'success' is 0 in /opt/root_src/core/clib/src/Demangle.c:523
15: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:523
16: Calling 'demangle_prefix' in /opt/root_src/core/clib/src/Demangle.c:525
17: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1237
18: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1237
19: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1256
20: expanded from macro 'ARM_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:59
21: expanded from macro 'CURRENT_DEMANGLING_STYLE' in /opt/root_src/core/clib/src/Demangle.c:30
22: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1256
23: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1262
24: Assuming 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1278
25: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:1278
26: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1278
27: Loop condition is false.  Exiting loop in /opt/root_src/core/clib/src/Demangle.c:1276
28: 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1280
29: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1280
30: 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1283
31: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1283
32: Assuming 'i' is > 2 in /opt/root_src/core/clib/src/Demangle.c:1288
33: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1288
34: 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1294
35: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1294
36: Field 'static_type' is 0 in /opt/root_src/core/clib/src/Demangle.c:1298
37: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1298
38: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:1305
39: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:1305
40: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:1306
41: expanded from macro 'isdigit' in /usr/include/ctype.h:192
42: expanded from macro '__isctype' in /usr/include/ctype.h:89
43: Left side of '||' is true in /opt/root_src/core/clib/src/Demangle.c:1306
44: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:1311
45: expanded from macro 'LUCID_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:58
46: Left side of '||' is true in /opt/root_src/core/clib/src/Demangle.c:1311
47: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:1311
48: expanded from macro 'isdigit' in /usr/include/ctype.h:192
49: expanded from macro '__isctype' in /usr/include/ctype.h:89
50: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1311
51: Value assigned to 'mangled' in /opt/root_src/core/clib/src/Demangle.c:1314
52: Calling 'string_append' in /opt/root_src/core/clib/src/Demangle.c:1315
53: Assuming 's' is equal to NULL in /opt/root_src/core/clib/src/Demangle.c:2679
54: Left side of '||' is true in /opt/root_src/core/clib/src/Demangle.c:2679
55: Returning from 'string_append' in /opt/root_src/core/clib/src/Demangle.c:1315
56: Null pointer passed to 1st parameter expecting 'nonnull' in /opt/root_src/core/clib/src/Demangle.c:1316
/opt/root_src/core/clib/src/Demangle.c:1528:10: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:1528
/opt/root_src/core/clib/src/Demangle.c:1910:34: warning: Array access (via field 'typevec') results in a null pointer dereference [clang-analyzer-core.NullDereference]
 1: Assuming 'mangled' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:503
 2: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:503
 3: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:503
 4: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:503
 5: Null pointer value stored to field 'typevec' in /opt/root_src/core/clib/src/Demangle.c:505
 6: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:507
 7: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:507
 8: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:519
 9: expanded from macro 'AUTO_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:56
10: Left side of '||' is false in /opt/root_src/core/clib/src/Demangle.c:519
11: expanded from macro 'AUTO_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:56
12: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:519
13: expanded from macro 'GNU_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:57
14: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:519
15: 'success' is 0 in /opt/root_src/core/clib/src/Demangle.c:523
16: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:523
17: Calling 'demangle_prefix' in /opt/root_src/core/clib/src/Demangle.c:525
18: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1237
19: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1237
20: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1256
21: expanded from macro 'ARM_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:59
22: expanded from macro 'CURRENT_DEMANGLING_STYLE' in /opt/root_src/core/clib/src/Demangle.c:30
23: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1256
24: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1262
25: Assuming 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1278
26: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:1278
27: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1278
28: Loop condition is false.  Exiting loop in /opt/root_src/core/clib/src/Demangle.c:1276
29: 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1280
30: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1280
31: 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1283
32: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1283
33: Assuming 'i' is <= 2 in /opt/root_src/core/clib/src/Demangle.c:1288
34: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1288
35: 'scan' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:1294
36: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1294
37: Field 'static_type' is 0 in /opt/root_src/core/clib/src/Demangle.c:1298
38: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1298
39: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1305
40: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1305
41: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1329
42: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:1353
43: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:1361
44: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:1361
45: Calling 'demangle_function_name' in /opt/root_src/core/clib/src/Demangle.c:1366
46: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:2480
47: expanded from macro 'LUCID_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:58
48: Left side of '||' is false in /opt/root_src/core/clib/src/Demangle.c:2480
49: expanded from macro 'LUCID_DEMANGLING' in /opt/root_src/core/clib/res/Demangle.h:58
50: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:2480
51: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:2502
52: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:2503
53: Left side of '&&' is false in /opt/root_src/core/clib/src/Demangle.c:2504
54: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:2541
55: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:2541
56: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:2541
57: Assuming the condition is true in /opt/root_src/core/clib/src/Demangle.c:2542
58: Taking true branch in /opt/root_src/core/clib/src/Demangle.c:2541
59: Calling 'do_type' in /opt/root_src/core/clib/src/Demangle.c:2546
60: 'success' is 1 in /opt/root_src/core/clib/src/Demangle.c:1860
61: Left side of '&&' is true in /opt/root_src/core/clib/src/Demangle.c:1860
62: Loop condition is true.  Entering loop body in /opt/root_src/core/clib/src/Demangle.c:1860
63: Control jumps to 'case 84:'  at line 1902 in /opt/root_src/core/clib/src/Demangle.c:1863
64: Calling 'get_count' in /opt/root_src/core/clib/src/Demangle.c:1904
65: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1810
66: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1810
67: Assuming the condition is false in /opt/root_src/core/clib/src/Demangle.c:1818
68: expanded from macro 'isdigit' in /usr/include/ctype.h:192
69: expanded from macro '__isctype' in /usr/include/ctype.h:89
70: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1818
71: Returning the value 1, which participates in a condition later in /opt/root_src/core/clib/src/Demangle.c:1836
72: Returning from 'get_count' in /opt/root_src/core/clib/src/Demangle.c:1904
73: Left side of '||' is false in /opt/root_src/core/clib/src/Demangle.c:1904
74: Assuming 'n' is < field 'ntypes' in /opt/root_src/core/clib/src/Demangle.c:1904
75: Taking false branch in /opt/root_src/core/clib/src/Demangle.c:1904
76: Array access (via field 'typevec') results in a null pointer dereference in /opt/root_src/core/clib/src/Demangle.c:1910
/opt/root_src/core/clib/src/Demangle.c:2264:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:2264
/opt/root_src/core/clib/src/Demangle.c:2683:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:2683
/opt/root_src/core/clib/src/Demangle.c:2697:7: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:2697
/opt/root_src/core/clib/src/Demangle.c:2711:7: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:2711
/opt/root_src/core/clib/src/Demangle.c:2752:7: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/Demangle.c:2752
/opt/root_src/core/clib/src/attach.c:146:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 in /opt/root_src/core/clib/src/attach.c:146
/opt/root_src/core/clib/src/attach.c:147:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 in /opt/root_src/core/clib/src/attach.c:147
/opt/root_src/core/clib/src/attach.c:186:7: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/attach.c:186
/opt/root_src/core/clib/src/mcalloc.c:39:7: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 in /opt/root_src/core/clib/src/mcalloc.c:39
/opt/root_src/core/clib/src/mmalloc.c:74:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 in /opt/root_src/core/clib/src/mmalloc.c:74
/opt/root_src/core/clib/src/mmalloc.c:115:7: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 in /opt/root_src/core/clib/src/mmalloc.c:115
/opt/root_src/core/clib/src/mmalloc.c:116:7: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/mmalloc.c:116
/opt/root_src/core/clib/src/mrealloc.c:77:16: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/mrealloc.c:77
/opt/root_src/core/clib/src/mrealloc.c:120:16: warning: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memmove' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memmove_s' in case of C11 in /opt/root_src/core/clib/src/mrealloc.c:120
/opt/root_src/core/clib/src/mrealloc.c:142:13: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
 1: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 in /opt/root_src/core/clib/src/mrealloc.c:142
/opt/root_src/core/clib/src/Demangle.c
/opt/root_src/core/clib/src/attach.c
/opt/root_src/core/clib/src/mcalloc.c
/opt/root_src/core/clib/src/mmalloc.c
/opt/root_src/core/clib/src/mrealloc.c
@guitargeek
Contributor

Hello @ferdymercury! Can you explain to us how you got these warnings, so we can reproduce the warnings and try to address them?

@ferdymercury
Contributor Author

ferdymercury commented Sep 29, 2023

Hi! I get these warnings when using QtCreator:

image

Clang-tidy defaults enable the security analyzer:

image

Behind the scenes, it calls something like:

/opt/Qt/Tools/QtCreator/libexec/qtcreator/clang/bin/clang-tidy '-config={}' '-checks=-clang-diagnostic-*' -export-fixes=/tmp/QtCreator-mNGsvX/clangtools-BaPBuq/report-gawkapi.h-jpJtvv /usr/include/gawkapi.h -- -Wno-unknown-pragmas -Wno-unknown-warning-option -Wno-documentation-unknown-command -w -nostdinc -nostdinc++ -std=c++17 -pipe -fsigned-char -pthread -fno-semantic-interposition -fPIC -fno-semantic-interposition -fvisibility-inlines-hidden -ffunction-sections -fdata-sections -g -fvisibility=hidden -fvisibility-inlines-hidden -UNDEBUG -std=c++17 -fno-exceptions -fsyntax-only -m64 --target=x86_64-linux-gnu -x c++ -D_DEBUG -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -I/home/user/builds/build-root_src-Desktop-Debug/interpreter/llvm-project/llvm/lib/Support -I/opt/root_src/interpreter/llvm-project/llvm/lib/Support -I/home/user/builds/build-root_src-Desktop-Debug/interpreter/llvm-project/llvm/include -I/opt/root_src/interpreter/llvm-project/llvm/include -isystem /usr/include/c++/11 -isystem /usr/include/x86_64-linux-gnu/c++/11 -isystem /usr/include/c++/11/backward -isystem /usr/local/include -isystem /opt/Qt/Tools/QtCreator/libexec/qtcreator/clang/lib/clang/16/include -isystem /usr/include/x86_64-linux-gnu -isystem /usr/include

@guitargeek
Contributor

Thanks! Especially for the '-checks=-clang-diagnostic-*', which is the important ingredient here.

@dpiparo dpiparo assigned dpiparo and unassigned Axel-Naumann Mar 24, 2024
@guitargeek
Contributor

I finally learned how to reproduce these kinds of warnings with a new version of the LLVM tools.

You need to make sure that the relevant ROOT subdirectory is compiled with set(CMAKE_EXPORT_COMPILE_COMMANDS 1) (it also helps to disable this for llvm-project to not get spammed by warnings from LLVM).

For example, if you want to scan the math directory, you can do:

diff --git a/interpreter/llvm-project/llvm/CMakeLists.txt b/interpreter/llvm-project/llvm/CMakeLists.txt
index 0b046717ba..b685291490 100644
--- a/interpreter/llvm-project/llvm/CMakeLists.txt
+++ b/interpreter/llvm-project/llvm/CMakeLists.txt
@@ -283,7 +283,7 @@ list(INSERT CMAKE_MODULE_PATH 0

 # Generate a CompilationDatabase (compile_commands.json file) for our build,
 # for use by clang_complete, YouCompleteMe, etc.
-set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
+set(CMAKE_EXPORT_COMPILE_COMMANDS 0)

 option(LLVM_INSTALL_BINUTILS_SYMLINKS
   "Install symlinks from the binutils tool names to the corresponding LLVM tools." OFF)
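
Review bot: The comment on the two context lines above the changed set() still says "Generate a CompilationDatabase (compile_commands.json file) for our build", but the value is now 0, so comment and code disagree. Either reword the comment to say that export is switched off here to keep LLVM sources out of the clang-tidy scan, or treat this edit to the llvm-project copy under interpreter/ as a local change that is not committed.
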
diff --git a/math/CMakeLists.txt b/math/CMakeLists.txt
index 543adbf6b1..12f5930901 100644
--- a/math/CMakeLists.txt
+++ b/math/CMakeLists.txt
@@ -4,6 +4,10 @@
 # For the licensing terms see $ROOTSYS/LICENSE.
 # For the list of contributors see $ROOTSYS/README/CREDITS.

+set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
+
 add_subdirectory(mathcore)
 if(mathmore)
   add_subdirectory(mathmore)
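
Review bot: The added set(CMAKE_EXPORT_COMPILE_COMMANDS 1) at the top of math/CMakeLists.txt has no comment, whereas the same variable in the LLVM file carries one explaining that it generates compile_commands.json. Add a one-line comment stating that it exports the compilation database so run-clang-tidy can scan the math subdirectories, and consider putting it behind an option so regular builds are unaffected.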

Then, after building, you go into the equivalent subdirectory in the build directory (e.g. build/math) and run this:

run-clang-tidy -checks='clang-analyzer-*' . -j20

So the warnings are easy to reproduce and we are aware that these exist for all of ROOT in general. Therefore, I'd suggest closing this particular issue so that we can focus on feature development and fixing confirmed bugs. We can't afford separate GitHub issues for all groups of clang-tidy warnings in all subdirectories.

Thank you very much @ferdymercury for the initiative though! We learned a lot from this!
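
A triage sketch for output in the format quoted in this issue, added here as an example and not part of the thread or of ROOT: it parses `file:line:col: warning: ... [check]` lines, counts the numbered path notes under each, and orders findings so the path-sensitive `clang-analyzer-core.*` reports come before the call-site `insecureAPI` flags. The tier names, the ordering and the abridged sample lines are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines abridged from the warnings quoted in this issue
# (messages shortened, most path notes dropped).
SAMPLE = """\
/opt/root_src/core/clib/src/Demangle.c:326:10: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
 1: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. CWE-119 in /opt/root_src/core/clib/src/Demangle.c:326
/opt/root_src/core/clib/src/Demangle.c:327:10: warning: Call to function 'strncat' is insecure as it does not provide security checks introduced in the C11 standard. [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
/opt/root_src/core/clib/src/Demangle.c:1316:22: warning: Null pointer passed to 1st parameter expecting 'nonnull' [clang-analyzer-core.NonNullParamChecker]
 1: Assuming 'mangled' is not equal to NULL in /opt/root_src/core/clib/src/Demangle.c:503
56: Null pointer passed to 1st parameter expecting 'nonnull' in /opt/root_src/core/clib/src/Demangle.c:1316
/opt/root_src/core/clib/src/Demangle.c:1910:34: warning: Array access (via field 'typevec') results in a null pointer dereference [clang-analyzer-core.NullDereference]
 5: Null pointer value stored to field 'typevec' in /opt/root_src/core/clib/src/Demangle.c:505
/opt/root_src/core/clib/src/mmalloc.c:116:7: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
/opt/root_src/core/clib/src/attach.c:147:3: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
"""

# A primary diagnostic: path, line, column, message, trailing [check-name].
WARNING_RE = re.compile(
    r"^(?P<file>[^\s:]+):(?P<line>\d+):(?P<col>\d+): warning: "
    r"(?P<msg>.*?) \[(?P<check>[\w.,\-]+)\]$"
)
# A numbered path note belonging to the preceding diagnostic.
NOTE_RE = re.compile(r"^\s*\d+: ")

# Assumed review order (this example's choice, not a clang-tidy feature):
# path-sensitive analyzer reports describe a concrete execution path, the
# strcpy check flags unbounded copies, and DeprecatedOrUnsafeBufferHandling
# flags call sites and points at the C11 "_s" variants.
TIERS = (
    ("path-sensitive", "clang-analyzer-core."),
    ("unbounded-copy", "clang-analyzer-security.insecureAPI.strcpy"),
    ("annex-k-style",
     "clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling"),
)


@dataclass
class Finding:
    file: str
    line: int
    check: str
    message: str
    steps: int = 0  # number of path notes listed under the diagnostic


def parse_findings(text):
    """Return one Finding per 'warning:' line, with its note count."""
    findings = []
    for raw in text.splitlines():
        m = WARNING_RE.match(raw)
        if m:
            findings.append(
                Finding(m["file"], int(m["line"]), m["check"], m["msg"]))
        elif findings and NOTE_RE.match(raw):
            findings[-1].steps += 1
    return findings


def tier_of(check):
    """Map a check name to (rank, tier name); unknown checks sort last."""
    for rank, (name, prefix) in enumerate(TIERS):
        if check.startswith(prefix):
            return rank, name
    return len(TIERS), "other"


def triage(findings):
    """Order by tier, then shortest reported path, then location."""
    return sorted(
        findings,
        key=lambda f: (tier_of(f.check)[0], f.steps, f.file, f.line))


def summarize(findings):
    """Count findings per (tier name, source file basename)."""
    counts = Counter()
    for f in findings:
        counts[(tier_of(f.check)[1], f.file.rsplit("/", 1)[-1])] += 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_findings(SAMPLE)):
        print(f"{tier_of(f.check)[1]:15} {f.file}:{f.line} "
              f"steps={f.steps} {f.check}")
    for (tier, name), n in sorted(summarize(parse_findings(SAMPLE)).items()):
        print(f"{tier:15} {name:12} {n}")
```

To use it on a real run, pass the captured text of the `run-clang-tidy` output to `parse_findings` in place of `SAMPLE`.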

@guitargeek closed this as not planned Sep 3, 2024