[clang] [analyzer][clangsa] Add new option to alpha.security.cert.InvalidPtrChecker (PR #67663)
Endre Fülöp via cfe-commits
cfe-commits at lists.llvm.org
Mon Oct 2 05:19:22 PDT 2023
================
@@ -2399,13 +2399,34 @@ pointer. These functions include: getenv, localeconv, asctime, setlocale, strerr
char *p, *pp;
p = getenv("VAR");
- pp = getenv("VAR2");
- // subsequent call to 'getenv' invalidated previous one
+ setenv("SOMEVAR", "VALUE", /*overwrite*/1);
+ // call to 'setenv' may invalidate p
*p;
// dereferencing invalid pointer
}
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for a standard
+getenv implementation.
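Review bot: the new ``InvalidatingGetEnv`` paragraph at the end of this hunk describes the option only in prose, while the example it would have matched (`- pp = getenv("VAR2");` with the "subsequent call to 'getenv'" comment) is removed just above, so the documentation no longer shows the case the option controls. Consider keeping a second short example for the option-enabled case next to the new setenv one, and stating in this paragraph what the option's default value is and how it is set. In "called multiple times and their results are used", "their" has no clear antecedent; "and the results of earlier calls are used" would read better. The closing sentence could also say why the strictness may be pedantic, rather than only that it might be.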
----------------
gamesh411 wrote:
fixed as well (5e2d77aa0c14ee8695bcde55b68daa22ccb84a1b)
https://github.com/llvm/llvm-project/pull/67663