[clang] 2b6160e - [analyzer] MmapWriteExecChecker: use getAs instead of castAs

via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 29 21:35:47 PDT 2023 

Author: dingfei
Date: 2023-08-30T12:34:23+08:00
New Revision: 2b6160ea3f9aa1e859928053ef2893fd511430f2

URL: https://github.com/llvm/llvm-project/commit/2b6160ea3f9aa1e859928053ef2893fd511430f2
DIFF: https://github.com/llvm/llvm-project/commit/2b6160ea3f9aa1e859928053ef2893fd511430f2.diff

LOG: [analyzer] MmapWriteExecChecker: use getAs instead of castAs

Use 'getAs' instead of 'castAs'

Reviewed By: steakhal

Fixes https://github.com/llvm/llvm-project/issues/62285

Differential Revision: https://reviews.llvm.org/D158953

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
    clang/test/Analysis/mmap-writeexec.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
index 0b3d635a50a3f8..8fc44e78be6f07 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
@@ -48,8 +48,10 @@ void MmapWriteExecChecker::checkPreCall(const CallEvent &Call,
                                          CheckerContext &C) const {
   if (matchesAny(Call, MmapFn, MprotectFn)) {
     SVal ProtVal = Call.getArgSVal(2);
-    auto ProtLoc = ProtVal.castAs<nonloc::ConcreteInt>();
-    int64_t Prot = ProtLoc.getValue().getSExtValue();
+    auto ProtLoc = ProtVal.getAs<nonloc::ConcreteInt>();
+    if (!ProtLoc)
+      return;
+    int64_t Prot = ProtLoc->getValue().getSExtValue();
     if (ProtExecOv != ProtExec)
       ProtExec = ProtExecOv;
     if (ProtReadOv != ProtRead)

diff  --git a/clang/test/Analysis/mmap-writeexec.c b/clang/test/Analysis/mmap-writeexec.c
index c82dfbb4fb2e3d..8fd86ceb9d2a25 100644
--- a/clang/test/Analysis/mmap-writeexec.c
+++ b/clang/test/Analysis/mmap-writeexec.c
@@ -42,3 +42,9 @@ void f3(void)
   int m = mprotect(p, 1024, PROT_WRITE | PROT_EXEC); // expected-warning{{Both PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory regions, which could be overwritten with malicious code}}
   (void)m;
 }
+
+// gh62285: no crash on non concrete arg 'prot'
+void *gh62285(void *addr, int prot)
+{
+  return mmap(addr, 1, prot, 1, 1, 1);
+}

More information about the cfe-commits mailing list