Bug 1475882 - clang-analyzer: Enable clang-analyzer-unix.cstring.BadSizeArg check. r=andi

Check the size argument passed to strncat for common erroneous patterns. There are currently no clang-analyzer-unix.cstring.BadSizeArg warnings in mozilla-central!

https://clang-analyzer.llvm.org/available_checks.html

MozReview-Commit-ID: DUI3ZNIBoLQ

tools/clang-tidy/config.yaml

@@ -34,6 +34,8 @@ clang_checkers:
     publish: !!bool yes
   - name: clang-analyzer-security.insecureAPI.vfork
     publish: !!bool yes
+  - name: clang-analyzer-unix.cstring.BadSizeArg
+    publish: !!bool yes
   - name: misc-argument-comment
     publish: !!bool yes
   - name: misc-assert-side-effect

tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp

@@ -0,0 +1,9 @@
+// https://clang-analyzer.llvm.org/available_checks.html
+
+#include "structures.h"
+
+void test()
+{
+  char dest[3];
+  strncat(dest, "***", sizeof(dest)); // warning : potential buffer overflow
+}

tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json

@@ -0,0 +1 @@
+"[[\"warning\", \"Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API\", \"clang-analyzer-unix.cstring.BadSizeArg\"]]"

tools/clang-tidy/test/structures.h

@@ -87,3 +87,5 @@ int abort() { return 0; }
 #define assert(x)                                                              \
   if (!(x))                                                                    \
   (void)abort()
+
+char *strncat(char *s1, const char *s2, std::size_t n);