[clang] 8cc2de6 - [analyzer][docs] Fix the incorrect structure of the checker docs
Kristóf Umann via cfe-commits
cfe-commits at lists.llvm.org
Tue Nov 9 06:26:08 PST 2021
Author: Kristóf Umann
Date: 2021-11-09T15:26:00+01:00
New Revision: 8cc2de667ec2526b055e971f46f4b3731107546c
URL: https://github.com/llvm/llvm-project/commit/8cc2de667ec2526b055e971f46f4b3731107546c
DIFF: https://github.com/llvm/llvm-project/commit/8cc2de667ec2526b055e971f46f4b3731107546c.diff
LOG: [analyzer][docs] Fix the incorrect structure of the checker docs
The alpha.security.cert section came right after alpha.security, making it look
like checkers like alpha.security.MmapWriteExec belonged to that package.
Differential Revision: https://reviews.llvm.org/D113397
Added:
Modified:
clang/docs/analyzer/checkers.rst
Removed:
################################################################################
diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 62eeb16d10dfa..80cf3bc7c3132 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -2064,90 +2064,6 @@ Warns against using one vs. many plural pattern in code when generating localize
alpha.security
^^^^^^^^^^^^^^
-
-alpha.security.cert
-^^^^^^^^^^^^^^^^^^^
-
-SEI CERT checkers which tries to find errors based on their `C coding rules <https://wiki.sei.cmu.edu/confluence/display/c/2+Rules>`_.
-
-.. _alpha-security-cert-pos-checkers:
-
-alpha.security.cert.pos
-^^^^^^^^^^^^^^^^^^^^^^^
-
-SEI CERT checkers of `POSIX C coding rules <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152405>`__.
-
-.. _alpha-security-cert-pos-34c:
-
-alpha.security.cert.pos.34c
-"""""""""""""""""""""""""""
-Finds calls to the ``putenv`` function which pass a pointer to an automatic variable as the argument.
-
-.. code-block:: c
-
- int func(const char *var) {
- char env[1024];
- int retval = snprintf(env, sizeof(env),"TEST=%s", var);
- if (retval < 0 || (size_t)retval >= sizeof(env)) {
- /* Handle error */
- }
-
- return putenv(env); // putenv function should not be called with auto variables
- }
-
-alpha.security.cert.env
-^^^^^^^^^^^^^^^^^^^^^^^
-
-SEI CERT checkers of `POSIX C coding rules <https://wiki.sei.cmu.edu/confluence/x/JdcxBQ>`__.
-
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""""""""""""""""""""""""""""""""""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, environment pointer,
-"envp". When enviornment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, strerror
-
-.. code-block:: c
-
- int main(int argc, const char *argv[], const char *envp[]) {
- if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
- // setenv call may invalidate 'envp'
- /* Handle error */
- }
- if (envp != NULL) {
- for (size_t i = 0; envp[i] != NULL; ++i) {
- puts(envp[i]);
- // envp may no longer point to the current environment
- // this program has unanticipated behavior, since envp
- // does not reflect changes made by setenv function.
- }
- }
- return 0;
- }
-
- void previous_call_invalidation() {
- char *p, *pp;
-
- p = getenv("VAR");
- pp = getenv("VAR2");
- // subsequent call to 'getenv' invalidated previous one
-
- *p;
- // dereferencing invalid pointer
- }
-
.. _alpha-security-ArrayBound:
alpha.security.ArrayBound (C)
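Review bot: With the cert block removed, the `alpha.security` heading at the top of this hunk is followed directly by `.. _alpha-security-ArrayBound:` and has no description of its own, unlike the `alpha.security.cert`, `alpha.security.cert.pos` and `alpha.security.cert.env` headings being moved, each of which carries a one-line summary. Consider adding a short sentence under `alpha.security` saying what the package covers, so the package heading does not read as an empty section.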
@@ -2299,6 +2215,95 @@ Check for an out-of-bound pointer being returned to callers.
return x; // warn: undefined or garbage returned
}
+
+alpha.security.cert
+^^^^^^^^^^^^^^^^^^^
+
+SEI CERT checkers which tries to find errors based on their `C coding rules <https://wiki.sei.cmu.edu/confluence/display/c/2+Rules>`_.
+
+.. _alpha-security-cert-pos-checkers:
+
+alpha.security.cert.pos
+^^^^^^^^^^^^^^^^^^^^^^^
+
+SEI CERT checkers of `POSIX C coding rules <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152405>`_.
+
+.. _alpha-security-cert-pos-34c:
+
+alpha.security.cert.pos.34c
+"""""""""""""""""""""""""""
+Finds calls to the ``putenv`` function which pass a pointer to an automatic variable as the argument.
+
+.. code-block:: c
+
+ int func(const char *var) {
+ char env[1024];
+ int retval = snprintf(env, sizeof(env),"TEST=%s", var);
+ if (retval < 0 || (size_t)retval >= sizeof(env)) {
+ /* Handle error */
+ }
+
+ return putenv(env); // putenv function should not be called with auto variables
+ }
+
+alpha.security.cert.env
+^^^^^^^^^^^^^^^^^^^^^^^
+
+SEI CERT checkers of `Environment C coding rules <https://wiki.sei.cmu.edu/confluence/x/JdcxBQ>`_.
+
+.. _alpha-security-cert-env-InvalidPtr:
+
+alpha.security.cert.env.InvalidPtr
+""""""""""""""""""""""""""""""""""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, environment pointer,
+"envp". When enviornment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, strerror
+
+.. code-block:: c
+
+ int main(int argc, const char *argv[], const char *envp[]) {
+ if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+ // setenv call may invalidate 'envp'
+ /* Handle error */
+ }
+ if (envp != NULL) {
+ for (size_t i = 0; envp[i] != NULL; ++i) {
+ puts(envp[i]);
+ // envp may no longer point to the current environment
+ // this program has unanticipated behavior, since envp
+ // does not reflect changes made by setenv function.
+ }
+ }
+ return 0;
+ }
+
+ void previous_call_invalidation() {
+ char *p, *pp;
+
+ p = getenv("VAR");
+ pp = getenv("VAR2");
+ // subsequent call to 'getenv' invalidated previous one
+
+ *p;
+ // dereferencing invalid pointer
+ }
+
+alpha.security.taint
+^^^^^^^^^^^^^^^^^^^^
+
+Checkers implementing `taint analysis <https://en.wikipedia.org/wiki/Taint_checking>`_.
+
.. _alpha-security-taint-TaintPropagation:
alpha.security.taint.TaintPropagation (C, C++)
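Review bot: The re-added block is not a verbatim move, and the log message only mentions the reordering. Three things differ from the removed text. The `alpha.security.cert.env` description now links "Environment C coding rules" instead of "POSIX C coding rules". The anonymous `__` link suffixes became named `_` ones. A new `alpha.security.taint` heading with a description is introduced at the end of the hunk. Please mention these in the commit message. The named `_` links are safe only because the three link texts are now distinct; keeping `__` would avoid a duplicate-target warning if the same link text is ever reused with a different URL. Since these lines are being touched anyway, the carried-over wording could be fixed in the same change: "checkers which tries", "enviornment", and the mid-sentence capital in "others, It may happen".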