Google Git
Sign in
chromium / chromium / src.git / a8ecec3ecc2403783b557bdd1502f650cdc4f594^! / . / tools / clang / plugins / UnsafeBuffersPlugin.cpp
commita8ecec3ecc2403783b557bdd1502f650cdc4f594[log] [tgz]
authordanakj <[email protected]>Fri Mar 08 19:47:47 2024
committerChromium LUCI CQ <[email protected]>Fri Mar 08 19:47:47 2024
tree984c6a09188d18b647971711ebc57f79cdf4b673
parent201608d0ae9b19636e05408dd356e0d1cdaae16c [diff] [blame]
Avoid displaying -Runsafe-buffer-usage-in-container remarks

When -Runsafe-buffer-usage is turned on, it also turns the
-Runsafe-buffer-usage-in-container warning on implicitly. These are
hard-coded warnings for the std::span constructor. Instead of using
this warning, we want to mark span constructors as UNSAFE_BUFFER_USAGE
and have the normal warning work.

We were just not filtering this warning at all, so it was being printed
in third-party code using std::span. But, rather than making
-Runsafe-buffer-usage-in-container filtered on file paths, we just
ignore it and drop it on the floor entirely, since we need a solution
that will work for base::span too.

See also https://github.com/llvm/llvm-project/issues/80482.

Before this change:
```
In file included from ../../third_party/flatbuffers/src/tests/test.cpp:31:
In file included from ../../third_party/flatbuffers/src/include/flatbuffers/flatbuffers.h:24:
In file included from ../../third_party/flatbuffers/src/include/flatbuffers/array.h:25:
../../third_party/flatbuffers/src/include/flatbuffers/vector.h:311:10: remark: the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information [-Runsafe-buffer-usage-in-container]
  311 |   return span<U>(vec.data(), vec.size());
      |          ^
```

After this change, the file compiles without remarks.

Bug: 40284755, 41497066
Change-Id: Ie861a8f8d49a8c4a36393ccf864d8068e78cbcb5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5352810
Reviewed-by: Hans Wennborg <[email protected]>
Commit-Queue: danakj <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1270348}

diff --git a/tools/clang/plugins/UnsafeBuffersPlugin.cpp b/tools/clang/plugins/UnsafeBuffersPlugin.cpp
index d364f612..687f4565 100644
--- a/tools/clang/plugins/UnsafeBuffersPlugin.cpp
+++ b/tools/clang/plugins/UnsafeBuffersPlugin.cpp

@@ -80,6 +80,15 @@
       return PassthroughDiagnostic(level, diag);
     }
 
+    // The `-Runsafe-buffer-usage-in-container` warning gets enabled along with
+    // `-Runsafe-buffer-usage`, but it's a hardcoded warning about std::span
+    // constructor. We don't want to emit these, we instead want the span ctor
+    // (and our own base::span ctor) to be marked [[clang::unsafe_buffer_usage]]
+    // and have that work: https://github.com/llvm/llvm-project/issues/80482
+    if (diag_id == clang::diag::warn_unsafe_buffer_usage_in_container) {
+      return;
+    }
+
     if (!(diag_id == clang::diag::warn_unsafe_buffer_variable ||
           diag_id == clang::diag::warn_unsafe_buffer_operation ||
           diag_id == clang::diag::note_unsafe_buffer_operation ||