[PATCH] D71433: [analyzer] CERT: POS34-C

Zurab Tsinadze via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sat Dec 14 15:21:17 PST 2019


zukatsinadze added a comment.

In D71433#1784238 <https://reviews.llvm.org/D71433#1784238>, @NoQ wrote:

> Thanks! This looks like a simple and efficient check. I have one overall suggestion.
>
> Currently the check may warn on non-bugs of the following kind:
>
>   void foo() {
>     char env[] = "NAME=value";
>     putenv(env);
>     doStuff();
>     putenv("NAME=anothervalue");
>   }
>
>
> I.e., it's obviously harmless if the local variable pointer is removed from the environment before it goes out of scope. Can we instead warn when the *last* `putenv()` on the execution path through the current stack frame is a local variable (that goes out of scope at the end of the stack frame)?
>
> That'd allow the checker to be enabled by default, which will give a lot more users access to it. Otherwise we'll have to treat it as an opt-in check and users will only enable it when they know about it, which is much less useful.


@NoQ I like the idea, but I am not really sure how to do that. I started working on Static Analyzer just last week.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71433/new/

https://reviews.llvm.org/D71433
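
The pointer aliasing that POS34-C is about, and the harmless case from the quoted review comment, as an added example that is not part of the original thread or of the patch under review. The `POS34_*` variable names and the function names are made up for illustration; a static buffer stands in for the local one in the first function so the effect can be observed safely.

```c
#define _XOPEN_SOURCE 700   /* declares putenv() and setenv() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* putenv() stores the caller's pointer in environ instead of copying.
   A static buffer makes that visible without reading a dead stack frame. */
static char shared_buf[32];

/* Returns 1 if a write to the buffer after putenv() shows up in getenv(). */
int putenv_aliases_buffer(void) {
    strcpy(shared_buf, "POS34_DEMO=first");
    if (putenv(shared_buf) != 0) return -1;
    memcpy(shared_buf + 11, "other", 5);        /* overwrite "first" in place */
    const char *v = getenv("POS34_DEMO");
    return v != NULL && strcmp(v, "other") == 0;
}

/* Shape of the snippet in the quoted comment: the local array is replaced
   before the frame exits. Returns 1 if environ no longer points into it. */
int local_replaced_before_return(void) {
    char env[] = "POS34_NAME=value";
    if (putenv(env) != 0) return -1;
    if (putenv("POS34_NAME=anothervalue") != 0) return -1;
    const char *v = getenv("POS34_NAME");
    if (v == NULL || strcmp(v, "anothervalue") != 0) return 0;
    uintptr_t p = (uintptr_t)v, lo = (uintptr_t)env;
    return !(p >= lo && p < lo + sizeof env);
}

/* setenv() copies name and value, so an automatic buffer is safe to pass. */
int setenv_copies(void) {
    char val[] = "value";
    if (setenv("POS34_COPY", val, 1) != 0) return -1;
    memset(val, 'X', sizeof val - 1);           /* clobber the local afterwards */
    const char *v = getenv("POS34_COPY");
    return v != NULL && strcmp(v, "value") == 0;
}

int main(void) {
    printf("putenv aliases caller buffer: %d\n", putenv_aliases_buffer());
    printf("local replaced before return: %d\n", local_replaced_before_return());
    printf("setenv copies its arguments:  %d\n", setenv_copies());
    return 0;
}
```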




