Enable clang-tidy for security sensitive domain. Start with clang-analyzer-security* and cert-*, but disable two specific errors: -- cert-err34-c, which checks for atoi(); heavily triggered by CommandListener, but will disappear when we move to Binder. -- cert-err58-cpp, which checks for exceptions before main(); it's a "Low" severity issue, and filed 36656327 to track cleanup. Fix all other triggered errors along the way. Test: builds, boots Bug: 36655947 Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79

commit: 32ebb739cb6c27a122d98b1bdfe1c1a5814b2ed3 [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Mon Mar 27 16:18:50 2017 -0600
committer: Jeff Sharkey <jsharkey@android.com> Mon Mar 27 17:14:52 2017 -0600
tree: 600a15d218e212c5dda6aaa71e7adf8fc860743d
parent: fd3dc3c076f30e19e7ac902ba0531c6bcfe2e042 [diff] [blame]
diff --git a/cryptfs.cpp b/cryptfs.cpp
index f2f0f18..5d1453f 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp

@@ -1725,7 +1725,8 @@
     memset(&ext_crypt_ftr, 0, sizeof(ext_crypt_ftr));
     ext_crypt_ftr.fs_size = nr_sec;
     ext_crypt_ftr.keysize = keysize;
-    strcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
+    strlcpy((char*) ext_crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256",
+            MAX_CRYPTO_TYPE_NAME_LEN);
 
     return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev,
             out_crypto_blkdev, label);
@@ -2238,7 +2239,7 @@
         }
     }
 
-    if (setjmp(setjmp_env)) {
+    if (setjmp(setjmp_env)) { // NOLINT
         SLOGE("Reading ext4 extent caused an exception\n");
         rc = -1;
         goto errout;
commit	32ebb739cb6c27a122d98b1bdfe1c1a5814b2ed3	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Mon Mar 27 16:18:50 2017 -0600
committer	Jeff Sharkey <jsharkey@android.com>	Mon Mar 27 17:14:52 2017 -0600
tree	600a15d218e212c5dda6aaa71e7adf8fc860743d
parent	fd3dc3c076f30e19e7ac902ba0531c6bcfe2e042 [diff] [blame]