[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)
Donát Nagy via cfe-commits
cfe-commits at lists.llvm.org
Tue Apr 30 08:51:15 PDT 2024
================
@@ -95,22 +94,23 @@ void testReadStdIn(){
}
void multipleTaintSources(void) {
- int x,y,z;
- scanf("%d", &x); // expected-note {{Taint originated here}}
+ char cmd[2048], file[1024];
+ scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}
// expected-note at -1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &y); // expected-note {{Taint originated here}}
+ scanf ("%1023[^\n]", file); // expected-note {{Taint originated here}}
// expected-note at -1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &z);
- int* ptr = (int*) malloc(y + x); // expected-warning {{Untrusted data is used to specify the buffer size}}
- // expected-note at -1{{Untrusted data is used to specify the buffer size}}
- free (ptr);
+ strcat(cmd, file);// expected-note {{Taint propagated to the 1st argument}}
+ system(cmd); // expected-warning {{Untrusted data is passed to a system call}}
+ // expected-note at -1{{Untrusted data is passed to a system call}}
}
void multipleTaintedArgs(void) {
- int x,y;
- scanf("%d %d", &x, &y); // expected-note {{Taint originated here}}
+ char cmd[1024], file[1024], buf[2048];
+ scanf("%1022s %1023s", cmd, file); // expected-note {{Taint originated here}}
// expected-note at -1 {{Taint propagated to the 2nd argument, 3rd argument}}
- int* ptr = (int*) malloc(x + y); // expected-warning {{Untrusted data is used to specify the buffer size}}
- // expected-note at -1{{Untrusted data is used to specify the buffer size}}
- free (ptr);
+ strcpy(buf, cmd);// expected-note {{Taint propagated to the 1st argument}}
+ strcat(buf," ");// expected-note {{Taint propagated to the 1st argument}}
----------------
NagyDonat wrote:
```suggestion
strcat(buf, " ");// expected-note {{Taint propagated to the 1st argument}}
```
Just whitespace bikeshedding...
https://github.com/llvm/llvm-project/pull/68607