[PATCH] D59637: [analyzer] Use the custom propagation rules and sinks in GenericTaintChecker
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sat Sep 7 01:26:19 PDT 2019
steakhal added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:118
/// Check for CWE-134: Uncontrolled Format String.
- static const char MsgUncontrolledFormatString[];
+ static constexpr llvm::StringLiteral MsgUncontrolledFormatString =
+ "Untrusted data is used as a format string "
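Review bot: The in-class initializer on `MsgUncontrolledFormatString` leaves this line a declaration only under pre-C++17 rules, so any odr-use of the member (for example binding it to a `const` reference parameter) needs a matching namespace-scope definition, or the link can fail, often only in unoptimized builds. Either add `constexpr llvm::StringLiteral GenericTaintChecker::MsgUncontrolledFormatString;` to the .cpp file, or note in the review that this code is built as C++17, where static constexpr data members are implicitly inline. If other message members are converted the same way, each needs the same treatment.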
----------------
Shouldn't we still need an out-of-class initializer part for each static constexpr class member variable?
These would provide the memory locations for the declarations.
```
constexpr llvm::StringLiteral GenericTaintChecker::MsgUncontrolledFormatString;
constexpr llvm::StringLiteral GenericTaintChecker::MsgSanitizeSystemArgs;
constexpr llvm::StringLiteral GenericTaintChecker::MsgTaintedBufferSize;
constexpr llvm::StringLiteral GenericTaintChecker::MsgCustomSink;
```
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D59637/new/
https://reviews.llvm.org/D59637