[clang] [analyzer] Fix core.VLASize checker false positive taint reports (PR #68140)
Daniel Krupp via cfe-commits
cfe-commits at lists.llvm.org
Fri Feb 23 01:10:03 PST 2024
dkrupp wrote:
I executed the analysis with this patch on the following open source projects: memcached,tmux,curl,twin,vim,openssl,sqlite,ffmpeg,postgres, xerces
And it did not bring any visible change in the reports. So there were no new or resolved findings compared to the baseline.
In both the baseline and the new analysis execution the alpha.security.taint.TaintPropagation and the core.VLASize checkers were enabled.
Link to the diff:
https://codechecker-demo.eastus.cloudapp.azure.com/Default/reports?review-status=Unreviewed&review-status=Confirmed%20bug&detection-status=New&detection-status=Reopened&detection-status=Unresolved&run=%2avla_taint_baseline&is-unique=off&newcheck=%2avla_taint_new&diff-type=New&checker-msg=%2ataint%2a
https://github.com/llvm/llvm-project/pull/68140
More information about the cfe-commits
mailing list