[PATCH] D159105: [analyzer] ArrayBoundCheckerV2 should check the region for taint as well
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Sep 1 02:40:50 PDT 2023
steakhal added a comment.
In D159105#4631504 <https://reviews.llvm.org/D159105#4631504>, @steakhal wrote:
> There are still a few FPs of the kind, where they iterate over the result of `getenv` in a loop, and continuously check the character against the zero terminator.
> I refined the suppression heuristic as follows:
>
> - If the offset is zero, don't report a taint issue. (as I suggested in the previous heuristic)
> - If the offset is non-zero, calculate the offset for the previous element and check if the value there is proven to be non-zero. If it cannot be zero, don't report this taint issue.
>
> I'll check the results tomorrow.
There are still FPs. I'll refine the heuristic to accept any constraint.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D159105/new/
https://reviews.llvm.org/D159105