[PATCH] D97699: [analyzer] Add InvalidPtrChecker
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Jun 4 01:16:03 PDT 2021
steakhal added a comment.
Overall I think it's a useful checker not only for checking the `getenv()` but a bunch of other functions as well, which might return a pointer to a statically allocated buffer.
The implementation could be polished a bit but it's ok I think.
About the produced reports, they were all useful and clear.
It is triggered only if it sees evidence(*) of the use of the invalidated pointer and highlights where it was produced and later invalidated.
(*) escaping via a conservatively evaluated function call also counts as such. There are pros and cons to this, but in this case, it seems like it's a good choice.
================
Comment at: clang/docs/analyzer/checkers.rst:2056
+
.. _alpha-security-cert-pos-checkers:
----------------
?
================
Comment at: clang/test/Analysis/cert/env34-c-cert-examples.c:26-27
+
+ if (strcmp(tmpvar, tempvar) == 0) { // body of strcmp is unknown
+ // expected-warning at -1{{use of invalidated pointer 'tmpvar' in a function call}}
+ }
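Review bot: On the `strcmp(tmpvar, tempvar)` line, the two arguments differ by a single letter and the trailing comment only says that the body of `strcmp` is unknown, so a reader has to infer which pointer is stale from the warning text. Extending that comment to say that `tmpvar` is the invalidated pointer, and that passing it to an opaque call is what triggers the report, would make the intent of the test explicit.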
----------------
I just want to highlight the capabilities of this checker.
Here we are using the invalid `tmpvar` pointer in a conservatively evaluated function call, and we still have a warning. Which is awesome.
Just imagine that `getenv()` would return a pointer to the same static buffer, then the `strcmp()` would always succeed, which is likely a bug.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D97699/new/
https://reviews.llvm.org/D97699
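The scenario from the inline comment above (a `getenv()` whose results share one static buffer, so the `strcmp()` always succeeds), as an added example that is not part of the review or the patch. `model_getenv`, its two-entry environment and the `same_dir_*` helpers are hypothetical names constructed for illustration; the real `getenv()` is deliberately not used so the behaviour is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a getenv() that returns a pointer into a single
 * static buffer. The two-entry environment is constructed sample data. */
static const char *model_getenv(const char *name) {
    static char buf[32];
    static const char *const env[][2] = {
        {"TMP", "/tmp"}, {"TEMP", "/var/tmp"}};
    for (size_t i = 0; i < sizeof env / sizeof env[0]; i++) {
        if (strcmp(env[i][0], name) == 0) {
            snprintf(buf, sizeof buf, "%s", env[i][1]);
            return buf;              /* every caller gets the same address */
        }
    }
    return NULL;
}

/* Pattern the checker reports: the first result is used after a second call. */
static int same_dir_stale(void) {
    const char *tmpvar = model_getenv("TMP");
    const char *tempvar = model_getenv("TEMP"); /* overwrites tmpvar's data */
    if (!tmpvar || !tempvar) return -1;
    return strcmp(tmpvar, tempvar) == 0;        /* both alias buf: always 1 */
}

/* Fix: copy the first result into caller-owned storage before calling again. */
static int same_dir_copied(void) {
    char tmpcopy[32];
    const char *tmpvar = model_getenv("TMP");
    if (!tmpvar) return -1;
    snprintf(tmpcopy, sizeof tmpcopy, "%s", tmpvar);
    const char *tempvar = model_getenv("TEMP");
    if (!tempvar) return -1;
    return strcmp(tmpcopy, tempvar) == 0;       /* compares the real values */
}

int main(void) {
    printf("stale pointer: same=%d\n", same_dir_stale());
    printf("copied value:  same=%d\n", same_dir_copied());
    return 0;
}
```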