[PATCH] D154603: [analyzer][clangsa] Add new option to alpha.security.cert.InvalidPtrChecker
Endre Fülöp via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 23 05:24:39 PDT 2023
gamesh411 updated this revision to Diff 552670.
gamesh411 added a comment.
Add tests for checker option
Remove unnecessary const_cast
Only model a getenv call if there is a value to model
Use getPredecessor to better indicate what happens during EG building
Hoist GetEnvCall variable
Fix dangling strings in note generation
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D154603/new/
https://reviews.llvm.org/D154603
Files:
clang/test/Analysis/cert/env34-c.c
clang/test/Analysis/invalid-ptr-checker.c
Index: clang/test/Analysis/invalid-ptr-checker.c
===================================================================
--- /dev/null
+++ clang/test/Analysis/invalid-ptr-checker.c
@@ -0,0 +1,56 @@
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=alpha.security.cert.env.InvalidPtr \
+// RUN: -analyzer-config alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=false \
+// RUN: -analyzer-output=text -verify -Wno-unused %s
+//
+// RUN: %clang_analyze_cc1 \
+// RUN: -analyzer-checker=alpha.security.cert.env.InvalidPtr \
+// RUN: -analyzer-config \
+// RUN: alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=true \
+// RUN: -analyzer-output=text -verify=pedantic -Wno-unused %s
+
+#include "Inputs/system-header-simulator.h"
+
+char *getenv(const char *name);
+int setenv(const char *name, const char *value, int overwrite);
+int strcmp(const char *, const char *);
+
+int custom_env_handler(const char **envp);
+
+void getenv_after_getenv(void) {
+ char *v1 = getenv("V1");
+ // pedantic-note at -1{{previous function call was here}}
+
+ char *v2 = getenv("V2");
+ // pedantic-note at -1{{'getenv' call may invalidate the result of the previous 'getenv'}}
+
+ strcmp(v1, v2);
+ // pedantic-warning at -1{{use of invalidated pointer 'v1' in a function call}}
+ // pedantic-note at -2{{use of invalidated pointer 'v1' in a function call}}
+}
+
+void setenv_after_getenv(void) {
+ char *v1 = getenv("VAR1");
+
+ setenv("VAR2", "...", 1);
+ // expected-note at -1{{'setenv' call may invalidate the environment returned by getenv}}
+ // pedantic-note at -2{{'setenv' call may invalidate the environment returned by getenv}}
+
+ strcmp(v1, "");
+ // expected-warning at -1{{use of invalidated pointer 'v1' in a function call}}
+ // expected-note at -2{{use of invalidated pointer 'v1' in a function call}}
+ // pedantic-warning at -3{{use of invalidated pointer 'v1' in a function call}}
+ // pedantic-note at -4{{use of invalidated pointer 'v1' in a function call}}
+}
+
+int main(int argc, const char *argv[], const char *envp[]) {
+ setenv("VAR", "...", 0);
+ // expected-note at -1 2 {{'setenv' call may invalidate the environment parameter of 'main'}}
+ // pedantic-note at -2 2 {{'setenv' call may invalidate the environment parameter of 'main'}}
+
+ *envp;
+ // expected-warning at -1 2 {{dereferencing an invalid pointer}}
+ // expected-note at -2 2 {{dereferencing an invalid pointer}}
+ // pedantic-warning at -3 2 {{dereferencing an invalid pointer}}
+ // pedantic-note at -4 2 {{dereferencing an invalid pointer}}
+}
Index: clang/test/Analysis/cert/env34-c.c
===================================================================
--- clang/test/Analysis/cert/env34-c.c
+++ clang/test/Analysis/cert/env34-c.c
@@ -2,10 +2,6 @@
// RUN: -analyzer-checker=alpha.security.cert.env.InvalidPtr\
// RUN: -analyzer-config alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=true \
// RUN: -analyzer-output=text -verify -Wno-unused %s
-//
-// TODO: write test cases that follow the pattern:
-// "getenv -> store pointer -> setenv -> use stored pointer"
-// and not rely solely on getenv as an invalidating function
#include "../Inputs/system-header-simulator.h"
char *getenv(const char *name);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D154603.552670.patch
Type: text/x-patch
Size: 3203 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230823/545a4c54/attachment-0001.bin>
More information about the cfe-commits
mailing list