[cfe-commits] [Patch] Checker for assignment of non-Boolean value to Boolean variable

David Blaikie dblaikie at gmail.com
Thu Dec 8 15:19:07 PST 2011


On Thu, Dec 8, 2011 at 3:11 PM, Ryan Govostes <rzg at apple.com> wrote:
> On Dec 8, 2011, at 7:23 AM, Ted Kremenek wrote:
>
> (3) It's worth indicating in the diagnostic that this is a security problem.
>  E.g:
>
>  Assignment of a non-boolean value to a variable of type 'Boolean'
> (potentially insecure)
>
> As a further refinement, including the CERT advisory # might be scary enough
> for some people to take the warning more seriously.
>
>
> On Dec 8, 2011, at 8:13 AM, David Blaikie wrote:
>
> Indeed, to be honest at first blush I wasn't sure of the point of this
> diagnostic. MSVC likes to warn about 'performance' issues when
> implicitly converting from int->bool & that usually just annoys me (
> http://msdn.microsoft.com/en-us/library/b6801kcy.aspx ) rather than
> providing anything terribly useful.
>
> What's the actual security issue at stake here?
>
>
> The checker was originally developed with security in mind, but I tend to
> think now that it is primarily useful for code cleanliness to preserve the
> semantics of Boolean data types, which helps prevent subsequent logic errors
> that may lead to a security exposure.

Basically an attempt to make the lazy int<>bool behavior of C
languages go away in favor of something more like other languages
(Java, C#, etc) where there's no such implicit conversion?

If so, wouldn't this be cheap/easy to implement as a simple clang
warning under bool-conversion (probably under some more specific flag
though)?

I haven't looked through the code, but I sort of assumed, since this
was an SA warning, that it would be trying to find particular, more
bug-like code, such as looking for int->bool where the int was certain
to be neither zero nor one, say.

- David
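As an added illustration of the "int was certain to be neither zero nor one" case discussed above (example code, not from the patch or the thread), assuming `Boolean` is an `unsigned char` typedef and `TRUE` is 1, as in many C code bases:

```c
#include <stdio.h>

/* Assumption (not stated in the thread): Boolean is a narrow integer
 * typedef, so any value can be stored in it, not just 0 or 1. */
typedef unsigned char Boolean;
#define TRUE  1
#define FALSE 0

/* Lazy int->Boolean assignment: stores the raw masked bits. Two failure
 * modes follow: a bit that fits in unsigned char gives a value such as 4
 * (truthy, but != TRUE); a bit above 0xFF is truncated to 0 (silently
 * false even though the bit was set). */
static Boolean has_flag_lazy(unsigned int bits, unsigned int mask)
{
    Boolean set = bits & mask;
    return set;
}

/* Normalised assignment: the comparison result is always exactly 0 or 1,
 * regardless of which bit the mask selects. */
static Boolean has_flag_safe(unsigned int bits, unsigned int mask)
{
    Boolean set = (bits & mask) != 0;
    return set;
}

/* The subsequent logic error the thread alludes to: a later check compares
 * the Boolean against TRUE instead of testing truthiness. With the lazy
 * value 4 this denies access even though the flag is set. */
static int access_granted(Boolean allowed)
{
    return allowed == TRUE;
}

int main(void)
{
    /* Constructed sample permission words. */
    printf("lazy  0x04: stored=%u granted=%d\n",
           has_flag_lazy(0x04u, 0x04u), access_granted(has_flag_lazy(0x04u, 0x04u)));
    printf("lazy 0x100: stored=%u granted=%d\n",
           has_flag_lazy(0x100u, 0x100u), access_granted(has_flag_lazy(0x100u, 0x100u)));
    printf("safe 0x100: stored=%u granted=%d\n",
           has_flag_safe(0x100u, 0x100u), access_granted(has_flag_safe(0x100u, 0x100u)));
    return 0;
}
```

A checker that flags only assignments whose right-hand side cannot be 0 or 1 (the `bits & mask` expressions here) would catch both lazy cases without firing on the `!= 0` form.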
