[cfe-commits] [Patch] Checker for assignment of non-Boolean value to Boolean variable

David Blaikie dblaikie at gmail.com
Thu Dec 8 15:20:46 PST 2011


On Thu, Dec 8, 2011 at 3:19 PM, David Blaikie <dblaikie at gmail.com> wrote:
> On Thu, Dec 8, 2011 at 3:11 PM, Ryan Govostes <rzg at apple.com> wrote:
>> On Dec 8, 2011, at 7:23 AM, Ted Kremenek wrote:
>>
>> (3) It's worth indicating in the diagnostic that this is a security problem.
>>  E.g:
>>
>>  Assignment of a non-boolean value to a variable of type 'Boolean'
>> (potentially insecure)
>>
>> As a further refinement, including the CERT advisory # might be scary enough
>> for some people to take the warning more seriously.
>>
>>
>> On Dec 8, 2011, at 8:13 AM, David Blaikie wrote:
>>
>> Indeed, to be honest at first blush I wasn't sure of the point of this
>> diagnostic. MSVC likes to warn about 'performance' issues when
>> implicitly converting from int->bool & that usually just annoys me (
>> http://msdn.microsoft.com/en-us/library/b6801kcy.aspx ) rather than
>> providing anything terribly useful.
>>
>> What's the actual security issue at stake here?
>>
>>
>> The checker was originally developed with security in mind, but I tend to
>> think now that it is primarily useful for code cleanliness to preserve the
>> semantics of Boolean data types, which helps prevent subsequent logic errors
>> that may lead to a security exposure.
>
> Basically an attempt to make the lazy int<>bool behavior of C
> languages go away in favor of something more like other languages
> (Java, C#, etc) where there's no such implicit conversion?
>
> If so, wouldn't this be cheap/easy to implement as a simple clang
> warning under bool-conversion (probably under some more specific flag
> though)?

Or, as others will no doubt chime in since this probably doesn't meet
the bar for a Clang warning, it could go into the mysterious (&
non-existent) style checker based on the also non-existent plugin
framework ;)

> I haven't looked through the code, but I sort of assumed since this
> was an SA warning that it would be trying to find a particular more
> bug-like code, such as looking for int->bool where the int was certain
> to be neither zero nor one, say.
>
> - David
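The "subsequent logic errors" the thread alludes to, as an added illustration that is not part of the patch or the mailing-list discussion: it assumes the Carbon-style `Boolean` typedef (an 8-bit unsigned integer rather than C99 `bool`), and `FLAG_ADMIN` and the permission-word layout are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed: the legacy Boolean is an 8-bit integer, not a C99 bool. */
typedef unsigned char Boolean;

/* Constructed permission bit sitting above the low 8 bits. */
#define FLAG_ADMIN 0x100u

/* Buggy: the masked int is stored straight into a Boolean. The value 0x100
   is truncated to 8 bits, so the admin bit silently becomes 0 (false). */
Boolean is_admin_buggy(unsigned int perms) {
    Boolean result = perms & FLAG_ADMIN;   /* non-Boolean value assigned to Boolean */
    return result;
}

/* Fixed: normalise to 0/1 before the value reaches the Boolean, so the
   stored value always carries the intended truth value. */
Boolean is_admin_fixed(unsigned int perms) {
    Boolean result = (perms & FLAG_ADMIN) != 0;
    return result;
}

/* Second failure mode: once a Boolean holds a value other than 0 or 1,
   an explicit comparison against true disagrees with if (b). */
Boolean compare_with_true(Boolean b) {
    return b == true;   /* true is 1, so b == 2 yields 0 although if (b) is taken */
}

int main(void) {
    printf("admin bit set: buggy=%d fixed=%d\n",
           is_admin_buggy(FLAG_ADMIN), is_admin_fixed(FLAG_ADMIN));
    Boolean two = 2;   /* e.g. a count assigned to a Boolean */
    printf("b=2: (b == true)=%d, if (b)=%d\n",
           compare_with_true(two), two ? 1 : 0);
    return 0;
}
```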
