[PATCH] D125225: [WIP][analyzer] Taint Notes enhancements
Gabor Marton via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon May 9 09:06:43 PDT 2022
martong added a comment.
I've checked the `StdLibraryFunctionsChecker` related changes and they are promising.
================
Comment at: clang/test/Analysis/std-c-library-functions-taint.c:88
+ clang_analyzer_dump(n + 1); // expected-warning {{(conj_$}} expected-note {{(conj_$}}
+ (void)toupper(n + 1); // 'n+1' might be MAX_CHAR+1, which does not satisfie the precondition of 'toupper'
+ // expected-warning at -1 {{Function argument constraint is not satisfied, constraint: Range; It depends on tainted value}}
----------------
typo
================
Comment at: clang/test/Analysis/std-c-library-functions-taint.c:95-113
+// -----======== Testing NotNullConstraint ========-----
+// It's just a made up example, where we get a tainted pointer.
+char *strdup(const char *s);
+void testTaintedPointer(const char *fmt, char *buf) {
+ char *ptr;
+ scanf(fmt, &ptr); // One does not simply read a pointer - well we do.
+ clang_analyzer_isTainted_str(ptr); // expected-warning {{YES}} expected-note {{YES}}
----------------
I am missing a call to a standard library function which has a NotNullConstraint attached.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D125225/new/
https://reviews.llvm.org/D125225
More information about the cfe-commits
mailing list