[clang] [analyzer] Fix core.VLASize checker false positive taint reports (PR #68140)

via cfe-commits cfe-commits at lists.llvm.org
Fri Feb 23 01:26:50 PST 2024


================
@@ -218,7 +218,7 @@ void VLASizeChecker::reportTaintBug(const Expr *SizeE, ProgramStateRef State,
   SmallString<256> buf;
   llvm::raw_svector_ostream os(buf);
   os << "Declared variable-length array (VLA) ";
-  os << "has tainted size";
+  os << "has a tainted (attacker controlled) size that can be 0 or negative";
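Review bot: the new message states the tainted size "can be 0 or negative", but reportTaintBug only receives SizeE and State, so nothing in this hunk shows that its caller has checked that the constraint range of the size actually includes non-positive values; add a comment (or an assertion) at the top of reportTaintBug documenting that precondition so the wording cannot drift from what the checker has proved. Minor style point: "attacker controlled" used as a compound modifier reads better hyphenated, i.e. "attacker-controlled".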
----------------
NagyDonat wrote:

```suggestion
  os << "has tainted (attacker controlled) size that can be 0 or negative";
```
I feel that the indefinite article "sounds strange" in this message, because the size of an array is a specific unique value. Another alternative would be "The size of the variable-length array (VLA) is a tainted value that can be 0 or negative" or something similar.

Of course the tests need to be updated if you change this message.

https://github.com/llvm/llvm-project/pull/68140