[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)

Rajveer Singh Bharadwaj via cfe-commits cfe-commits at lists.llvm.org
Sun May 5 05:39:44 PDT 2024


https://github.com/Rajveer100 created https://github.com/llvm/llvm-project/pull/91119

Resolves #89264

Values should not be stored in addresses of labels; this throws a fatal error when this happens.

>From 36b1ee31d8d740cdbee6a1787d7ef81d6abeb8ad Mon Sep 17 00:00:00 2001
From: Rajveer <rajveer.developer at icloud.com>
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
 `DereferenceChecker`

Resolves #89264
---
 .../StaticAnalyzer/Checkers/DereferenceChecker.cpp  |  7 +++++++
 clang/test/Analysis/Issue89264.c                    | 13 +++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 clang/test/Analysis/Issue89264.c

diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..a1770e15ad7d52 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -286,6 +286,13 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S,
   // If we're binding to a reference, check if the value is known to be null.
   if (V.isUndef())
     return;
+    
+  // One should never write to label addresses.
+  if (auto Label = L.getAs<loc::GotoLabel>()) {
+    llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+    llvm::errs() << "Fatal Error: " << "Dereference of the address of a label" << "\n";
+    return;
+  }
 
   const MemRegion *MR = L.getAsRegion();
   const TypedValueRegion *TVR = dyn_cast_or_null<TypedValueRegion>(MR);
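
Review bot: The new branch in checkBind reports the write through two raw `llvm::errs()` prints instead of an analyzer diagnostic, so the finding never reaches the user as a warning and cannot be matched by `-verify` tests. The "WRITING TO LABEL: " line reads like leftover debug output, and the text "Fatal Error" is misleading because the function simply returns and analysis continues. Either drop the prints and keep the early return (if the goal is only to avoid the crash), or emit a real bug report through the checker's reporting path. Two smaller points: `Label` is bound in the `if` but never used, so `L.getAs<loc::GotoLabel>()` can be tested directly, and the added blank line above the comment carries trailing whitespace.
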
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00000000000000..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+  char *b = &&MyLabel;
+MyLabel:
+  *b = 0; // no-crash
+  clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+  clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}
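
Review bot: The store `*b = 0; // no-crash` has no `expected-warning`, so this test only checks that the analyzer survives and says nothing about the message the checker change prints; if the write to a label address is meant to be diagnosed, the expectation belongs on that line. The comment above `binding_to_label_loc` links issue 89185, while the file name and the commit message both refer to #89264; please make the reference consistent. In a C test the definition is also better written as `void binding_to_label_loc(void)`.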


