[PATCH] D27753: [analyzer] alpha.security.DirtyScalar Checker
Zoltán Gera via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Feb 28 05:50:53 PST 2017
gerazo marked an inline comment as done.
gerazo added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/DirtyScalarChecker.cpp:184
+ Ty = Ctx.IntTy;
+ if (!Ty->isIntegerType() || Ctx.getIntWidth(Ty) <= TooNarrowForBoundCheck)
+ return false;
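Review bot: the `Ctx.getIntWidth(Ty) <= TooNarrowForBoundCheck` half of the condition drops every narrow integer type from the check, and nothing at this spot says why. A short comment above the `if` (or next to the constant) should state that values of this width are skipped on purpose, and that an unchecked narrow index into an array smaller than the type's full range is therefore not reported.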
----------------
a.sidorin wrote:
> Does the second check mean that we exclude boolean and char values? I cannot find any reason to do it for chars.
Yes, we exclude them.
Using lookup tables, especially in cryptography, sometimes involves reading a value from disk and then using this value immediately with a table lookup. This way, you use a dirty value directly in array indexing. Reading a byte and using it on a prepared 256-element table is common. As the read value gets bigger it is less performant and hence less common to do it.
I've found exactly 1 false positive in openssl without this exclusion.
https://reviews.llvm.org/D27753
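The trade-off described in the reply above, as an added C example that is not part of the patch or of OpenSSL. The table names, table contents and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed 256-entry table standing in for a cipher S-box. */
static uint8_t sbox[256];
/* Constructed 16-entry table: smaller than the range of a byte. */
static const uint8_t nibble_tab[16] = {0, 1, 1, 2, 1, 2, 2, 3,
                                       1, 2, 2, 3, 2, 3, 3, 4};

void init_sbox(void) {
    for (unsigned i = 0; i < 256; i++)
        sbox[i] = (uint8_t)(i * 7u + 3u);
}

/* Untrusted byte indexing a 256-entry table: every value a uint8_t can
 * hold is a valid index, so no bound check is needed. This is the
 * pattern the width cutoff keeps the checker from reporting. */
uint8_t substitute(uint8_t untrusted) {
    return sbox[untrusted];
}

/* Untrusted 16-bit value indexing the same table: the type can hold
 * 256..65535, so the index must be checked before use.
 * Returns 0 on success, -1 if the index is out of range. */
int substitute_wide(uint16_t untrusted, uint8_t *out) {
    if (untrusted >= sizeof sbox / sizeof sbox[0])
        return -1;
    *out = sbox[untrusted];
    return 0;
}

/* Untrusted byte indexing a table with fewer than 256 entries: the
 * check is still required, but with char-width values excluded (as the
 * reply states) its absence would not be flagged. */
int popcount_nibble(uint8_t untrusted, uint8_t *out) {
    if (untrusted >= sizeof nibble_tab / sizeof nibble_tab[0])
        return -1;
    *out = nibble_tab[untrusted];
    return 0;
}
```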