[PATCH] D158953: [analyzer] MmapWriteExecChecker: use getAs instead of castAs

Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 29 21:35:50 PDT 2023 

This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.
Closed by commit rG2b6160ea3f9a: [analyzer] MmapWriteExecChecker: use getAs instead of castAs (authored by dingfei <fding at feysh.com>).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D158953/new/

https://reviews.llvm.org/D158953

Files:
  clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
  clang/test/Analysis/mmap-writeexec.c


Index: clang/test/Analysis/mmap-writeexec.c
===================================================================
--- clang/test/Analysis/mmap-writeexec.c
+++ clang/test/Analysis/mmap-writeexec.c
@@ -42,3 +42,9 @@
   int m = mprotect(p, 1024, PROT_WRITE | PROT_EXEC); // expected-warning{{Both PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory regions, which could be overwritten with malicious code}}
   (void)m;
 }
+
+// gh62285: no crash on non concrete arg 'prot'
+void *gh62285(void *addr, int prot)
+{
+  return mmap(addr, 1, prot, 1, 1, 1);
+}
Index: clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
@@ -48,8 +48,10 @@
                                          CheckerContext &C) const {
   if (matchesAny(Call, MmapFn, MprotectFn)) {
     SVal ProtVal = Call.getArgSVal(2);
-    auto ProtLoc = ProtVal.castAs<nonloc::ConcreteInt>();
-    int64_t Prot = ProtLoc.getValue().getSExtValue();
+    auto ProtLoc = ProtVal.getAs<nonloc::ConcreteInt>();
+    if (!ProtLoc)
+      return;
+    int64_t Prot = ProtLoc->getValue().getSExtValue();
     if (ProtExecOv != ProtExec)
       ProtExec = ProtExecOv;
     if (ProtReadOv != ProtRead)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D158953.554566.patch
Type: text/x-patch
Size: 1368 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230830/a383d22f/attachment.bin>

More information about the cfe-commits mailing list