[PATCH] D159105: [analyzer] ArrayBoundCheckerV2 should check the region for taint as well

Balázs Benics via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 31 08:11:28 PDT 2023


steakhal added a comment.

There are still a few FPs of the kind, where they iterate over the result of `getenv` in a loop, and continuously check the character against the zero terminator.
I refined the suppression heuristic as follows:

- If the offset is zero, don't report taint issue. (as I suggested in the previous heuristic)
- If the offset is non-zero, calculate the offset for the previous element and check if the value there is proven to be non-zero. If it cannot be zero, don't report this taint issue.

I'll check the results tomorrow.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D159105/new/

https://reviews.llvm.org/D159105
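The code pattern the comment above describes, as an added C example that is not part of the review or of the checker's own code. The function names are hypothetical, and the comments mapping each access to the two suppression rules are one reading of the heuristic as stated in the comment.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* In every function below, s stands for a getenv() result, i.e. a
 * tainted region. Names are hypothetical, chosen for this example. */

/* The loop from the comment: each character is compared against the
 * terminator before moving on. Every s[i] read is in bounds:
 *  - i == 0: offset zero (first rule);
 *  - i > 0: the loop got here only because s[i-1] != '\0', so the
 *    previous element is proven non-zero (second rule). */
size_t tainted_length(const char *s) {
    if (s == NULL)
        return 0;
    size_t i = 0;
    while (s[i] != '\0')
        i++;
    return i;
}

/* Contrast: non-zero offset, nothing known about s[idx-1]. Neither
 * rule applies, so by the heuristic as stated this is still reported. */
int char_at_unchecked(const char *s, size_t idx) {
    if (s == NULL)
        return -1;
    return (unsigned char)s[idx];   /* may read past the terminator */
}

/* Hardened form: prove every earlier element non-zero before reading. */
int char_at_checked(const char *s, size_t idx) {
    if (s == NULL)
        return -1;
    for (size_t i = 0; i < idx; i++)
        if (s[i] == '\0')
            return -1;              /* idx lies beyond the string */
    return (unsigned char)s[idx];
}

int main(void) {
    const char *path = getenv("PATH");  /* taint source */
    printf("len=%zu first=%d\n", tainted_length(path), char_at_checked(path, 0));
    return 0;
}
```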


