[clang] [analyzer] TaintPropagation checker strlen() should not propagate (PR #66086)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Thu Sep 14 02:33:49 PDT 2023
================
@@ -915,24 +915,6 @@ void testStrndupa(size_t n) {
clang_analyzer_isTainted_charp(result); // expected-warning {{YES}}
}
-size_t strlen(const char *s);
-void testStrlen() {
- char s[10];
- scanf("%9s", s);
-
- size_t result = strlen(s);
- clang_analyzer_isTainted_int(result); // expected-warning {{YES}}
-}
-
-size_t strnlen(const char *s, size_t maxlen);
-void testStrnlen(size_t maxlen) {
- char s[10];
- scanf("%9s", s);
-
- size_t result = strnlen(s, maxlen);
- clang_analyzer_isTainted_int(result); // expected-warning {{YES}}
-}
-
----------------
steakhal wrote:
In general, I oppose removing FN tests. They are good at documenting intent, if for nothing else.
It might be even better to add comments there about why we think it's okay and intentional to not propagate taint there. Also, adding a PR link would give the possibility to look deeper to understand the why.
https://github.com/llvm/llvm-project/pull/66086
More information about the cfe-commits
mailing list