[PATCH] D154603: [analyzer][clangsa] Add new option to alpha.security.cert.InvalidPtrChecker

Endre Fülöp via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Aug 23 05:24:39 PDT 2023 

gamesh411 updated this revision to Diff 552670.
gamesh411 added a comment.

Add tests for checker option
Remove unnecessary const_cast
Only model a getenv call if there is a value to model
Use getPredecessor to better indicate what happens during EG building
Hoist GetEnvCall variable
Fix dangling strings in note generation


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D154603/new/

https://reviews.llvm.org/D154603

Files:
  clang/test/Analysis/cert/env34-c.c
  clang/test/Analysis/invalid-ptr-checker.c


Index: clang/test/Analysis/invalid-ptr-checker.c
===================================================================
--- /dev/null
+++ clang/test/Analysis/invalid-ptr-checker.c
@@ -0,0 +1,56 @@
+// RUN: %clang_analyze_cc1 \
+// RUN:  -analyzer-checker=alpha.security.cert.env.InvalidPtr \
+// RUN:  -analyzer-config alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=false \
+// RUN:  -analyzer-output=text -verify -Wno-unused %s
+//
+// RUN: %clang_analyze_cc1 \
+// RUN:  -analyzer-checker=alpha.security.cert.env.InvalidPtr \
+// RUN:  -analyzer-config \
+// RUN: alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=true \
+// RUN: -analyzer-output=text -verify=pedantic -Wno-unused %s
+
+#include "Inputs/system-header-simulator.h"
+
+char *getenv(const char *name);
+int setenv(const char *name, const char *value, int overwrite);
+int strcmp(const char *, const char *);
+
+int custom_env_handler(const char **envp);
+
+void getenv_after_getenv(void) {
+  char *v1 = getenv("V1");
+  // pedantic-note at -1{{previous function call was here}}
+
+  char *v2 = getenv("V2");
+  // pedantic-note at -1{{'getenv' call may invalidate the result of the previous 'getenv'}}
+
+  strcmp(v1, v2);
+  // pedantic-warning at -1{{use of invalidated pointer 'v1' in a function call}}
+  // pedantic-note at -2{{use of invalidated pointer 'v1' in a function call}}
+}
+
+void setenv_after_getenv(void) {
+  char *v1 = getenv("VAR1");
+
+  setenv("VAR2", "...", 1);
+  // expected-note at -1{{'setenv' call may invalidate the environment returned by getenv}}
+  // pedantic-note at -2{{'setenv' call may invalidate the environment returned by getenv}}
+
+  strcmp(v1, "");
+  // expected-warning at -1{{use of invalidated pointer 'v1' in a function call}}
+  // expected-note at -2{{use of invalidated pointer 'v1' in a function call}}
+  // pedantic-warning at -3{{use of invalidated pointer 'v1' in a function call}}
+  // pedantic-note at -4{{use of invalidated pointer 'v1' in a function call}}
+}
+
+int main(int argc, const char *argv[], const char *envp[]) {
+  setenv("VAR", "...", 0);
+  // expected-note at -1 2 {{'setenv' call may invalidate the environment parameter of 'main'}}
+  // pedantic-note at -2 2 {{'setenv' call may invalidate the environment parameter of 'main'}}
+
+  *envp;
+  // expected-warning at -1 2 {{dereferencing an invalid pointer}}
+  // expected-note at -2 2 {{dereferencing an invalid pointer}}
+  // pedantic-warning at -3 2 {{dereferencing an invalid pointer}}
+  // pedantic-note at -4 2 {{dereferencing an invalid pointer}}
+}
Index: clang/test/Analysis/cert/env34-c.c
===================================================================
--- clang/test/Analysis/cert/env34-c.c
+++ clang/test/Analysis/cert/env34-c.c
@@ -2,10 +2,6 @@
 // RUN:  -analyzer-checker=alpha.security.cert.env.InvalidPtr\
 // RUN:  -analyzer-config alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=true \
 // RUN:  -analyzer-output=text -verify -Wno-unused %s
-//
-// TODO: write test cases that follow the pattern:
-//       "getenv -> store pointer -> setenv -> use stored pointer"
-//       and not rely solely on getenv as an invalidating function
 
 #include "../Inputs/system-header-simulator.h"
 char *getenv(const char *name);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D154603.552670.patch
Type: text/x-patch
Size: 3203 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230823/545a4c54/attachment-0001.bin>

More information about the cfe-commits mailing list