[PATCH] D71433: [analyzer] CERT: POS34-C
Zurab Tsinadze via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sat Dec 14 15:21:17 PST 2019
zukatsinadze added a comment.
In D71433#1784238 <https://reviews.llvm.org/D71433#1784238>, @NoQ wrote:
> Thanks! This looks like a simple and efficient check. I have one overall suggestion.
>
> Currently the check may warn on non-bugs of the following kind:
>
> void foo() {
> char env[] = "NAME=value";
> putenv(env);
> doStuff();
> putenv("NAME=anothervalue");
> }
>
>
> I.e., it's obviously harmless if the local variable pointer is removed from the environment before it goes out of scope. Can we instead warn when the *last* `putenv()` on the execution path through the current stack frame is a local variable (that goes out of scope at the end of the stack frame)?
>
> That'd allow the checker to be enabled by default, which will give a lot more users access to it. Otherwise we'll have to treat it as an opt-in check and users will only enable it when they know about it, which is much less usefulness.
@NoQ I like the idea, but I am not really sure how to do that. I started working on Static Analyzer just lask week.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71433/new/
https://reviews.llvm.org/D71433
More information about the cfe-commits
mailing list