1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
.. title:: clang-tidy - bugprone-misplaced-operator-in-strlen-in-alloc
bugprone-misplaced-operator-in-strlen-in-alloc
==============================================
Finds cases where ``1`` is added to the string in the argument to ``strlen()``,
``strnlen()``, ``strnlen_s()``, ``wcslen()``, ``wcsnlen()``, and ``wcsnlen_s()``
instead of the result and the value is used as an argument to a memory
allocation function (``malloc()``, ``calloc()``, ``realloc()``, ``alloca()``) or
the ``new[]`` operator in `C++`. The check detects error cases even if one of
these functions (except the ``new[]`` operator) is called by a constant function
pointer. Cases where ``1`` is added both to the parameter and the result of the
``strlen()``-like function are ignored, as are cases where the whole addition is
surrounded by extra parentheses.
`C` example code:
.. code-block:: c
void bad_malloc(char *str) {
char *c = (char*) malloc(strlen(str + 1));
}
The suggested fix is to add ``1`` to the return value of ``strlen()`` and not
to its argument. In the example above the fix would be
.. code-block:: c
char *c = (char*) malloc(strlen(str) + 1);
`C++` example code:
.. code-block:: c++
void bad_new(char *str) {
char *c = new char[strlen(str + 1)];
}
As in the `C` code with the ``malloc()`` function, the suggested fix is to
add ``1`` to the return value of ``strlen()`` and not to its argument. In the
example above the fix would be
.. code-block:: c++
char *c = new char[strlen(str) + 1];
Example for silencing the diagnostic:
.. code-block:: c
void bad_malloc(char *str) {
char *c = (char*) malloc(strlen((str + 1)));
}
|
