[all-commits] [llvm/llvm-project] 6ceb1c: [analyzer] Remove untrusted buffer size warning in...

Daniel Krupp via All-commits all-commits at lists.llvm.org
Thu May 2 07:47:03 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 6ceb1c0ef9f544be0eed65e46cc7d99941a001bf
      https://github.com/llvm/llvm-project/commit/6ceb1c0ef9f544be0eed65e46cc7d99941a001bf
  Author: Daniel Krupp <daniel.krupp at ericsson.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M clang/docs/analyzer/checkers.rst
    M clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
    M clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
    M clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    M clang/test/Analysis/taint-diagnostic-visitor.c
    M clang/test/Analysis/taint-generic.c

  Log Message:
  -----------
  [analyzer] Remove untrusted buffer size warning in the TaintPropagation checker (#68607)

Before this commit the the checker alpha.security.taint.TaintPropagation always reported warnings when the size argument of a memcpy-like or malloc-like function was tainted. However, this produced false positive reports in situations where the size was tainted, but correctly performed bound checks guaranteed the safety of the call.
 
This commit removes the rough "always warn if the size argument is tainted" heuristic; but it would be good to add a more refined "warns if the size argument is tainted and can be too large" heuristic in follow-up commits. That logic would belong to CStringChecker and MallocChecker, because those are the checkers responsible for the more detailed modeling of memcpy-like and malloc-like functions. To mark this plan, TODO comments are added in those two checkers.
 
There were several test cases that used these sinks to test generic properties of taint tracking; those were adapted to use different logic.
 
As a minor unrelated change, this commit ensures that strcat (and its wide variant, wcsncat) propagates taint from the first argument to the first argument, i.e. a tainted string remains tainted if we concatenate it with another string. This change was required because the adapted variant of multipleTaintedArgs is relying on strncat to compose a value that combines taint from two different sources.



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list