From c89956cba9d1a5fbf059f7880ff49418718a2965 Mon Sep 17 00:00:00 2001
From: David Malcolm <dmalcolm@redhat.com>
Date: Wed, 16 Sep 2020 17:21:32 -0400
Subject: [PATCH] analyzer: handle strdup and strndup

gcc/analyzer/ChangeLog:
	* sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
	strndup as being malloc-like allocators.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/strdup-1.c: New test.
	* gcc.dg/analyzer/strndup-1.c: New test.
---
 gcc/analyzer/sm-malloc.cc                 |  4 +++-
 gcc/testsuite/gcc.dg/analyzer/strdup-1.c  | 21 +++++++++++++++++++++
 gcc/testsuite/gcc.dg/analyzer/strndup-1.c | 21 +++++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/strdup-1.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/strndup-1.c

diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc
index 2b5a870d35f..90d1da14586 100644
--- a/gcc/analyzer/sm-malloc.cc
+++ b/gcc/analyzer/sm-malloc.cc
@@ -984,7 +984,9 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt,
 	    || is_std_named_call_p (callee_fndecl, "malloc", call, 1)
 	    || is_std_named_call_p (callee_fndecl, "calloc", call, 2)
 	    || is_named_call_p (callee_fndecl, "__builtin_malloc", call, 1)
-	    || is_named_call_p (callee_fndecl, "__builtin_calloc", call, 2))
+	    || is_named_call_p (callee_fndecl, "__builtin_calloc", call, 2)
+	    || is_named_call_p (callee_fndecl, "strdup", call, 1)
+	    || is_named_call_p (callee_fndecl, "strndup", call, 2))
 	  {
 	    on_allocator_call (sm_ctxt, call, m_malloc);
 	    return true;
diff --git a/gcc/testsuite/gcc.dg/analyzer/strdup-1.c b/gcc/testsuite/gcc.dg/analyzer/strdup-1.c
new file mode 100644
index 00000000000..6b950ca23a9
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/strdup-1.c
@@ -0,0 +1,21 @@
+#include <string.h>
+#include <stdlib.h>
+
+extern void requires_nonnull (void *ptr)
+  __attribute__((nonnull));
+
+void test_1 (const char *s)
+{
+  char *p = strdup (s); /* { dg-message "allocated here" } */
+} /* { dg-warning "leak of 'p'" } */
+
+void test_2 (const char *s)
+{
+  char *p = strdup (s);
+  free (p);
+}
+void test_3 (const char *s)
+{
+  char *p = strdup (s); /* { dg-message "this call could return NULL" } */
+  requires_nonnull (p); /* { dg-warning "use of possibly-NULL 'p'" } */
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/strndup-1.c b/gcc/testsuite/gcc.dg/analyzer/strndup-1.c
new file mode 100644
index 00000000000..23d9b6070ce
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/strndup-1.c
@@ -0,0 +1,21 @@
+#include <string.h>
+#include <stdlib.h>
+
+extern void requires_nonnull (void *ptr)
+  __attribute__((nonnull));
+
+void test_1 (const char *s)
+{
+  char *p = strndup (s, 42); /* { dg-message "allocated here" } */
+} /* { dg-warning "leak of 'p'" } */
+
+void test_2 (const char *s)
+{
+  char *p = strndup (s, 42);
+  free (p);
+}
+void test_3 (const char *s)
+{
+  char *p = strndup (s, 42); /* { dg-message "this call could return NULL" } */
+  requires_nonnull (p); /* { dg-warning "use of possibly-NULL 'p'" } */
+}
-- 
2.30.2