[all-commits] [llvm/llvm-project] 680885: [analyzer] MallocOverflow should consider comparis...
Balazs Benics via All-commits
all-commits at lists.llvm.org
Fri Aug 27 05:41:57 PDT 2021
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 68088563fbadba92a153cbe03c1586033b19322d
https://github.com/llvm/llvm-project/commit/68088563fbadba92a153cbe03c1586033b19322d
Author: Balazs Benics <balazs.benics at sigmatechnology.se>
Date: 2021-08-27 (Fri, 27 Aug 2021)
Changed paths:
M clang/docs/analyzer/checkers.rst
M clang/lib/StaticAnalyzer/Checkers/MallocOverflowSecurityChecker.cpp
M clang/test/Analysis/malloc-overflow.c
Log Message:
-----------
[analyzer] MallocOverflow should consider comparisons only preceding malloc
MallocOverflow works in two phases:
1) Collects suspicious malloc calls, whose argument is a multiplication
2) Filters the aggregated list of suspicious malloc calls by iterating
over the BasicBlocks of the CFG looking for comparison binary
operators over the variable constituting in any suspicious malloc.
Consequently, it suppressed true-positive cases when the comparison
check was after the malloc call.
In this patch the checker will consider the relative position of the
relation check to the malloc call.
E.g.:
```lang=C++
void *check_after_malloc(int n, int x) {
int *p = NULL;
if (x == 42)
p = malloc(n * sizeof(int)); // Previously **no** warning, now it
// warns about this.
// The check is after the allocation!
if (n > 10) {
// Do something conditionally.
}
return p;
}
```
Reviewed By: martong
Differential Revision: https://reviews.llvm.org/D107804
More information about the All-commits
mailing list