[clang] 379b639 - Revert "[analyzer] Extend the documentation of MallocOverflow"

Balazs Benics via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 26 06:29:52 PDT 2021


Author: Balazs Benics
Date: 2021-08-26T15:29:32+02:00
New Revision: 379b6394d9ca254593b77ec3c0028e6d820715e4

URL: https://github.com/llvm/llvm-project/commit/379b6394d9ca254593b77ec3c0028e6d820715e4
DIFF: https://github.com/llvm/llvm-project/commit/379b6394d9ca254593b77ec3c0028e6d820715e4.diff

LOG: Revert "[analyzer] Extend the documentation of MallocOverflow"

This reverts commit 6097a41924584b613153237d8e66e9660001ce7d.

Added: 
    

Modified: 
    clang/docs/analyzer/checkers.rst

Removed: 
    


################################################################################
diff  --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 66c540ec0b544..9a74dffc1658d 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -2154,14 +2154,7 @@ Warn about buffer overflows (newer checker).
 
 alpha.security.MallocOverflow (C)
 """""""""""""""""""""""""""""""""
-Check for overflows in the arguments to ``malloc()``.
-It tries to catch ``malloc(n * c)`` patterns, where:
- - ``n``: a variable or member access of an object
- - ``c``: a constant foldable integral
-
-This checker was designed for code audits, so expect false-positive reports.
-One is supposed to silence this checker by ensuring proper bounds checking on
-the variable in question using e.g. an ``assert()`` or a branch.
+Check for overflows in the arguments to malloc().
 
 .. code-block:: c
 
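Review bot: The restored line "Check for overflows in the arguments to malloc()." loses the ``malloc()`` literal markup the reverted text had. It also removes the only guidance on what the checker matches (``malloc(n * c)`` with ``n`` a variable or member access and ``c`` a constant) and on how to silence it with an ``assert()`` or a branch. The log says only "This reverts commit 6097a41924584b613153237d8e66e9660001ce7d." and gives no reason. Please state why the documentation is being backed out and whether it will be relanded, so readers who already rely on the audit and false-positive note know whether it was wrong or only temporarily removed.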
@@ -2175,26 +2168,6 @@ the variable in question using e.g. an ``assert()`` or a branch.
    void *p = malloc(n * sizeof(int)); // no warning
  }
 
- void test3(int n) {
-   assert(n <= 100 && "Contract violated.");
-   void *p = malloc(n * sizeof(int)); // no warning
- }
-
-Limitations:
- - The checker won't warn for variables involved in explicit casts,
-   since that might limit the variable's domain.
-   E.g.: ``(unsigned char)int x`` would limit the domain to ``[0,255]``.
-   The checker will miss the true-positive cases when the explicit cast would
-   not tighten the domain to prevent the overflow in the subsequent
-   multiplication operation.
-
- - If the variable ``n`` participates in a comparison anywhere in the enclosing
-   function's scope, even after the ``malloc()``, the report will be still
-   suppressed.
-
- - It is an AST-based checker, thus it does not make use of the
-   path-sensitive taint-analysis.
-
 .. _alpha-security-MmapWriteExec:
 
 alpha.security.MmapWriteExec (C)
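Review bot: Dropping the "Limitations:" list removes the documented false-negative cases: the report is suppressed when ``n`` takes part in any comparison in the enclosing function, "even after the ``malloc()``", and when ``n`` is involved in an explicit cast. Someone using this checker for an audit needs those to judge what a clean run means, so if the revert is for a build or wording problem, consider relanding this part first. On reland, the cast example ``(unsigned char)int x`` is not a valid C expression and should read as a cast applied to an ``int`` variable. The ``test3`` snippet with ``assert(n <= 100 && "Contract violated.")`` is also the only example showing the assert-based silencing, so it is worth keeping alongside the branch-based ``test2``.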


        

