[cfe-commits] r86833 - /cfe/trunk/lib/Analysis/ReturnPointerRangeChecker.cpp

Zhongxing Xu xuzhongxing at gmail.com
Wed Nov 11 03:55:54 PST 2009


Author: zhongxingxu
Date: Wed Nov 11 05:55:54 2009
New Revision: 86833

URL: http://llvm.org/viewvc/llvm-project?rev=86833&view=rev
Log:
ReturnPointerRangeChecker: use StripCasts() instead of checking for zero index
explicitly.

Fix 80-col violations.

Modified:
    cfe/trunk/lib/Analysis/ReturnPointerRangeChecker.cpp

Modified: cfe/trunk/lib/Analysis/ReturnPointerRangeChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/ReturnPointerRangeChecker.cpp?rev=86833&r1=86832&r2=86833&view=diff

==============================================================================
--- cfe/trunk/lib/Analysis/ReturnPointerRangeChecker.cpp (original)
+++ cfe/trunk/lib/Analysis/ReturnPointerRangeChecker.cpp Wed Nov 11 05:55:54 2009
@@ -48,6 +48,12 @@
  
   SVal V = state->getSVal(RetE);
   const MemRegion *R = V.getAsRegion();
+  if (!R)
+    return;
+
+  R = R->StripCasts();
+  if (!R)
+    return;
 
   const ElementRegion *ER = dyn_cast_or_null<ElementRegion>(R);
   if (!ER)
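Review bot: The second `if (!R) return;` after `R = R->StripCasts();` is only meaningful if StripCasts() can yield null for a non-null receiver; if it simply walks super-regions and returns `this` when nothing is stripped, that guard is dead code and can be dropped. Conversely, once R is guaranteed non-null by the first guard, `dyn_cast_or_null<ElementRegion>(R)` on the following line no longer needs the `_or_null` form and `dyn_cast<ElementRegion>(R)` states the invariant more precisely. Either way a one-line comment such as `// Peel cast-induced ElementRegions so a pointer cast is not mistaken for an element access.` would record why the strip happens before the ElementRegion test. The enclosing checker callback begins above this hunk.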
@@ -55,13 +61,8 @@
 
   DefinedOrUnknownSVal &Idx = cast<DefinedOrUnknownSVal>(ER->getIndex());
 
-  // FIXME: All of this out-of-bounds checking should eventually be refactored into a
-  // common place.
-
-  // Zero index is always in bound, this also passes ElementRegions created for
-  // pointer casts.
-  if (Idx.isZeroConstant())
-    return;
+  // FIXME: All of this out-of-bounds checking should eventually be refactored
+  // into a common place.
 
   SVal NumVal = C.getStoreManager().getSizeInElements(state,
                                                       ER->getSuperRegion());
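Review bot: Dropping the `Idx.isZeroConstant()` early return is only behavior-preserving if StripCasts() removes every zero-index ElementRegion, not just those layered on by casts; if it leaves a genuine `&arr[0]` region in place, that index now reaches the comparison against `getSizeInElements`, which is harmless for non-empty objects but could report `&buf[0]` on a zero-sized object as out of range, so it is worth confirming which semantics StripCasts() has and noting it in the comment that replaced the removed one. Separately, the surviving `cast<DefinedOrUnknownSVal>(ER->getIndex())` asserts if the index is UndefinedVal; a `dyn_cast` with an early return would be the defensive form, though that predates this change. The function continues past the end of this hunk.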
@@ -75,14 +76,16 @@
     if (!N)
       return;
   
-    // FIXME: This bug correspond to CWE-466.  Eventually we should have bug types explicitly
-    // reference such exploit categories (when applicable).
+    // FIXME: This bug correspond to CWE-466.  Eventually we should have bug
+    // types explicitly reference such exploit categories (when applicable).
     if (!BT)
       BT = new BuiltinBug("Return of pointer value outside of expected range",
-           "Returned pointer value points outside the original object (potential buffer overflow)");
+           "Returned pointer value points outside the original object "
+           "(potential buffer overflow)");
 
-    // FIXME: It would be nice to eventually make this diagnostic more clear, e.g., by referencing
-    // the original declaration or by saying *why* this reference is outside the range.
+    // FIXME: It would be nice to eventually make this diagnostic more clear,
+    // e.g., by referencing the original declaration or by saying *why* this
+    // reference is outside the range.
 
     // Generate a report for this bug.
     RangedBugReport *report = 




