[clang] [analyzer] Fix core.VLASize checker false positive taint reports (PR #68140)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Oct 4 07:38:27 PDT 2023
================
@@ -220,7 +220,7 @@ void VLASizeChecker::reportTaintBug(const Expr *SizeE, ProgramStateRef State,
SmallString<256> buf;
llvm::raw_svector_ostream os(buf);
os << "Declared variable-length array (VLA) ";
- os << "has tainted size";
+ os << "has a tainted (attacker controlled) size, that can be 0 or negative";
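Review bot: On the added line, "attacker controlled" modifies "size" and should be hyphenated as "attacker-controlled". The new text also asserts that the size "can be 0 or negative", so please confirm that reportTaintBug is only reached when State does not already constrain SizeE to be positive; if that is not guaranteed at the call site, the diagnostic overstates what the analyzer knows, and wording such as "that may be 0 or negative unless validated" would be safer. The function has no comment in this hunk saying which precondition makes the claim true, so a short one above the message construction would help future readers.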
----------------
DonatNagyE wrote:
```suggestion
os << "has a tainted (attacker controlled) size that can be 0 or negative";
```
https://github.com/llvm/llvm-project/pull/68140