[all-commits] [llvm/llvm-project] de04b7: [analyzer] Fix core.VLASize checker false positive...
Daniel Krupp via All-commits
all-commits at lists.llvm.org
Fri Feb 23 02:44:45 PST 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: de04b7d44edbfe8c2357cc291f8806575e6e93f2
https://github.com/llvm/llvm-project/commit/de04b7d44edbfe8c2357cc291f8806575e6e93f2
Author: Daniel Krupp <daniel.krupp at ericsson.com>
Date: 2024-02-23 (Fri, 23 Feb 2024)
Changed paths:
M clang/docs/analyzer/checkers.rst
M clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
M clang/test/Analysis/taint-diagnostic-visitor.c
M clang/test/Analysis/taint-generic.c
Log Message:
-----------
[analyzer] Fix core.VLASize checker false positive taint reports (#68140)
The checker reported a false positive on this code
void testTaintedSanitizedVLASize(void) {
int x;
scanf("%d", &x);
if (x<1)
return;
int vla[x]; // no-warning
}
After the fix, the checker only emits tainted warning if the vla size is
coming from a tainted source and it cannot prove that it is positive.
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list