tidy - bugprone-misplaced-operator-in-strlen-in-alloc — Extra Clang Tools 22.0.0git documentation (original) (raw)

Finds cases where 1 is added to the string in the argument to strlen(),strnlen(), strnlen_s(), wcslen(), wcsnlen(), andwcsnlen_s() instead of the result and the value is used as an argument to a memory allocation function (malloc(), calloc(), realloc(),alloca()) or the new[] operator in C++. The check detects error cases even if one of these functions (except the new[] operator) is called by a constant function pointer. Cases where 1 is added both to the parameter and the result of the strlen()-like function are ignored, as are cases where the whole addition is surrounded by extra parentheses.

C example code:

void bad_malloc(char *str) { char c = (char) malloc(strlen(str + 1)); }

The suggested fix is to add 1 to the return value of strlen() and not to its argument. In the example above the fix would be

char c = (char) malloc(strlen(str) + 1);

C++ example code:

void bad_new(char *str) { char *c = new char[strlen(str + 1)]; }

As in the C code with the malloc() function, the suggested fix is to add 1 to the return value of strlen() and not to its argument. In the example above the fix would be

char *c = new char[strlen(str) + 1];

Example for silencing the diagnostic:

void bad_malloc(char *str) { char c = (char) malloc(strlen((str + 1))); }