[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Feb 28 06:40:54 PST 2024
================
@@ -305,15 +305,19 @@ void testGets_s(void) {
void testTaintedBufferSize(void) {
size_t ts;
+ // malloc, calloc, bcopy, memcpy functions are removed as unconditional sinks
+ // from the GenericTaintChecker's default configuration,
+ // because it generated too many false positives.
+ // We would need more sophisticated handling of these reports to enable
+ // these test-cases again.
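Review bot: The last sentence of the added comment in testTaintedBufferSize ("We would need more sophisticated handling of these reports to enable these test-cases again.") records open work but has no FIXME or TODO marker and does not say what the handling should check, so the lost coverage is hard to find later. Prefix it with "FIXME:" and state the condition under which a warning is still wanted. Also, "because it generated" has no singular antecedent, since the subject is the four functions; "because treating them as sinks generated too many false positives" reads correctly.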
----------------
NagyDonat wrote:
```suggestion
// The functions malloc, calloc, bcopy and memcpy are not taint sinks in the
// default config of GenericTaintChecker (because that would cause too many
// false positives).
// FIXME: We should generate warnings when a value passed to these functions
// is tainted and _can be very large_ (because that's exploitable). This
// functionality probably belongs to the checkers that do more detailed
// modeling of these functions (MallocChecker and CStringChecker).
```
The descriptions of changes (like "functions are removed ..., because ...") belong to the commit message; in an inline comment you should primarily speak about the *current* state of the code (after the commit).
https://github.com/llvm/llvm-project/pull/68607
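The distinction drawn in the suggested FIXME above, between a tainted size that can be very large and one that is constrained before it reaches malloc, calloc or memcpy, shown as an added C example (not code from the PR or from the LLVM test suite). `MAX_ELEMS` and all function names are hypothetical, and the `tainted_*` parameters are assumed to come from untrusted input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed application limit for this example; not a value from the PR. */
#define MAX_ELEMS 1024u

/* Byte count an unchecked call site hands to malloc: count * sizeof(int)
 * with no range check. For a very large tainted count the product wraps. */
size_t unchecked_alloc_bytes(size_t tainted_count) {
    return tainted_count * sizeof(int);
}

/* Tainted and possibly very large: the case the FIXME wants reported.
 * A wrapped size yields a small buffer that later indexing overruns. */
int *alloc_unchecked(size_t tainted_count) {
    return malloc(unchecked_alloc_bytes(tainted_count));
}

/* Tainted but constrained: the range check bounds the value on this path,
 * so the multiplication cannot wrap and the allocation stays small. */
int *alloc_bounded(size_t tainted_count) {
    if (tainted_count == 0 || tainted_count > MAX_ELEMS)
        return NULL;                      /* reject out-of-range input */
    return calloc(tainted_count, sizeof(int));
}

/* Copy with a tainted length, bounded by both buffers before memcpy. */
int copy_bounded(void *dst, size_t dst_len,
                 const void *src, size_t src_len, size_t tainted_len) {
    if (tainted_len > dst_len || tainted_len > src_len)
        return -1;
    memcpy(dst, src, tainted_len);
    return 0;
}
```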