[PATCH] D73629: [analyzer] vfork checker: allow execve after vfork
Jan Včelák via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Feb 17 12:21:41 PST 2020
janvcelak updated this revision to Diff 245025.
janvcelak added a comment.
I'm attaching updated version with tests.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D73629/new/
https://reviews.llvm.org/D73629
Files:
clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
clang/test/Analysis/Inputs/system-header-simulator.h
clang/test/Analysis/vfork.c
Index: clang/test/Analysis/vfork.c
===================================================================
--- clang/test/Analysis/vfork.c
+++ clang/test/Analysis/vfork.c
@@ -6,7 +6,7 @@
void foo();
// Ensure that child process is properly checked.
-int f1(int x) {
+int f1(int x, int y) {
pid_t pid = vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
if (pid != 0)
return 0;
@@ -16,7 +16,29 @@
// Ensure that modifying pid is ok.
pid = 1; // no-warning
// Ensure that calling whitelisted routines is ok.
- execl("", "", 0); // no-warning
+ switch (y) {
+ case 0:
+ execl("", "", 0); // no-warning
+ break;
+ case 1:
+ execle("", "", 0); // no-warning
+ break;
+ case 2:
+ execlp("", "", 0); // no-warning
+ break;
+ case 3:
+ execv("", NULL); // no-warning
+ break;
+ case 4:
+ execve("", NULL, NULL); // no-warning
+ break;
+ case 5:
+ execvp("", NULL); // no-warning
+ break;
+ case 6:
+ execvpe("", NULL, NULL); // no-warning
+ break;
+ }
_exit(1); // no-warning
break;
case 1:
Index: clang/test/Analysis/Inputs/system-header-simulator.h
===================================================================
--- clang/test/Analysis/Inputs/system-header-simulator.h
+++ clang/test/Analysis/Inputs/system-header-simulator.h
@@ -98,6 +98,12 @@
pid_t fork(void);
pid_t vfork(void);
int execl(const char *path, const char *arg, ...);
+int execle(const char *path, const char *arg, ...);
+int execlp(const char *file, const char *arg, ...);
+int execv(const char *path, char *const argv[]);
+int execve(const char *path, char *const argv[], char *const envp[]);
+int execvp(const char *file, char *const argv[]);
+int execvpe(const char *file, char *const argv[], char *const envp[]);
void exit(int status) __attribute__ ((__noreturn__));
void _exit(int status) __attribute__ ((__noreturn__));
Index: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
@@ -98,12 +98,13 @@
if (VforkWhitelist.empty()) {
// According to manpage.
const char *ids[] = {
- "_exit",
"_Exit",
+ "_exit",
"execl",
- "execlp",
"execle",
+ "execlp",
"execv",
+ "execve",
"execvp",
"execvpe",
nullptr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D73629.245025.patch
Type: text/x-patch
Size: 2499 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20200217/eb6e15c2/attachment.bin>
More information about the cfe-commits
mailing list