[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Oct 9 09:53:40 PDT 2023
================
@@ -753,32 +756,16 @@ void GenericTaintChecker::initTaintRules(CheckerContext &C) const {
{{{"execvp"}}, TR::Sink({{0, 1}}, MsgSanitizeSystemArgs)},
{{{"execvpe"}}, TR::Sink({{0, 1, 2}}, MsgSanitizeSystemArgs)},
{{{"dlopen"}}, TR::Sink({{0}}, MsgSanitizeSystemArgs)},
- {{CDF_MaybeBuiltin, {{"malloc"}}}, TR::Sink({{0}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"calloc"}}}, TR::Sink({{0}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"alloca"}}}, TR::Sink({{0}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"memccpy"}}},
- TR::Sink({{3}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"realloc"}}},
- TR::Sink({{1}}, MsgTaintedBufferSize)},
+ // malloc, calloc, alloca, realloc, memccpy
+ // are intentionally left out as taint sinks
+ // because unconditional reporting for these functions
+ // generate many false positives.
+ // These taint sinks should be implemented in other checkers
+ // with more sophisticated sanitation heuristics.
{{{{"setproctitle"}}}, TR::Sink({{0}, 1}, MsgUncontrolledFormatString)},
{{{{"setproctitle_fast"}}},
TR::Sink({{0}, 1}, MsgUncontrolledFormatString)},
-
- // SinkProps
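Review bot: The new comment replacing the malloc/calloc/alloca/memccpy/realloc entries says these sinks "should be implemented in other checkers" but names neither a checker nor a tracking issue, so once the rules are gone nothing in this table reports a tainted allocation size or memccpy length and the follow-up is easy to lose. Consider turning it into a FIXME that names the intended checker or issue. The wording also needs a pass: "generate many false positives" should be "generates", and "sanitation heuristics" should read "sanitization heuristics". The five removed rules are the only visible users of MsgTaintedBufferSize; if no other rule references it, drop the constant in the same patch so it is not left dead.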
----------------
DonatNagyE wrote:
After removing these, the trivial helper function `GenericTaintRule::SinkProp()` became unused, so you should remove it as well.
https://github.com/llvm/llvm-project/pull/68607