[all-commits] [llvm/llvm-project] 289725: [analyzer] New optin.taint.TaintedAlloc checker fo...
Daniel Krupp via All-commits
all-commits at lists.llvm.org
Wed Jun 5 07:33:52 PDT 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 289725f11c579348ec49c8c606de4291314db0d9
https://github.com/llvm/llvm-project/commit/289725f11c579348ec49c8c606de4291314db0d9
Author: Daniel Krupp <daniel.krupp at ericsson.com>
Date: 2024-06-05 (Wed, 05 Jun 2024)
Changed paths:
M clang/docs/analyzer/checkers.rst
M clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
M clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
M clang/test/Analysis/malloc.c
M clang/test/Analysis/malloc.cpp
M clang/test/Analysis/taint-diagnostic-visitor.c
Log Message:
-----------
[analyzer] New optin.taint.TaintedAlloc checker for catching unbounded memory allocation calls (#92420)
A new optional checker (optin.taint.TaintedAlloc) will warn if a memory
allocation function (malloc, calloc, realloc, alloca, operator new[]) is
called with a tainted (attacker controlled) size parameter.
A large, maliciously set size value can trigger memory exhaustion. To
get this warning, the alpha.security.taint.TaintPropagation checker also
needs to be switched on.
The warning will only be emitted, if the analyzer cannot prove that the
size is below reasonable bounds (<SIZE_MAX/4).
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list