[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)
Rajveer Singh Bharadwaj via cfe-commits
cfe-commits at lists.llvm.org
Sun May 5 06:20:20 PDT 2024
https://github.com/Rajveer100 updated https://github.com/llvm/llvm-project/pull/91119
>From dcc23f7751ba2ceb281a9b027907dbf849ba65c6 Mon Sep 17 00:00:00 2001
From: Rajveer <rajveer.developer at icloud.com>
Date: Sun, 5 May 2024 18:05:00 +0530
Subject: [PATCH] [clang][analyzer] Check for label location bindings in
`DereferenceChecker`
Resolves #89264
---
.../StaticAnalyzer/Checkers/DereferenceChecker.cpp | 8 ++++++++
clang/test/Analysis/Issue89264.c | 13 +++++++++++++
2 files changed, 21 insertions(+)
create mode 100644 clang/test/Analysis/Issue89264.c
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..2d23d23c6c82ba 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -287,6 +287,14 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S,
if (V.isUndef())
return;
+ // One should never write to label addresses.
+ if (auto Label = L.getAs<loc::GotoLabel>()) {
+ llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+ llvm::errs() << "Fatal Error: " << "Dereference of the address of a label"
+ << "\n";
+ return;
+ }
+
const MemRegion *MR = L.getAsRegion();
const TypedValueRegion *TVR = dyn_cast_or_null<TypedValueRegion>(MR);
if (!TVR)
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00000000000000..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify %s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+ char *b = &&MyLabel;
+MyLabel:
+ *b = 0; // no-crash
+ clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+ clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}
More information about the cfe-commits
mailing list