[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

Donát Nagy via cfe-commits cfe-commits at lists.llvm.org
Tue Apr 30 08:51:15 PDT 2024


================
@@ -95,22 +94,23 @@ void testReadStdIn(){
 }
 
 void multipleTaintSources(void) {
-  int x,y,z;
-  scanf("%d", &x); // expected-note {{Taint originated here}}
+  char cmd[2048], file[1024];
+  scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}
                    // expected-note at -1 {{Taint propagated to the 2nd argument}}
-  scanf("%d", &y); // expected-note {{Taint originated here}}
+  scanf ("%1023[^\n]", file); // expected-note {{Taint originated here}}
                    // expected-note at -1 {{Taint propagated to the 2nd argument}}
-  scanf("%d", &z);
-  int* ptr = (int*) malloc(y + x); // expected-warning {{Untrusted data is used to specify the buffer size}}
-                                   // expected-note at -1{{Untrusted data is used to specify the buffer size}}
-  free (ptr);
+  strcat(cmd, file);// expected-note {{Taint propagated to the 1st argument}}
+  system(cmd); // expected-warning {{Untrusted data is passed to a system call}}
+               // expected-note at -1{{Untrusted data is passed to a system call}}
 }
 
 void multipleTaintedArgs(void) {
-  int x,y;
-  scanf("%d %d", &x, &y); // expected-note {{Taint originated here}}
+  char cmd[1024], file[1024], buf[2048];
+  scanf("%1022s %1023s", cmd, file); // expected-note {{Taint originated here}}
                           // expected-note at -1 {{Taint propagated to the 2nd argument, 3rd argument}}
-  int* ptr = (int*) malloc(x + y); // expected-warning {{Untrusted data is used to specify the buffer size}}
-                                   // expected-note at -1{{Untrusted data is used to specify the buffer size}}
-  free (ptr);
+  strcpy(buf, cmd);// expected-note {{Taint propagated to the 1st argument}}
+  strcat(buf," ");// expected-note {{Taint propagated to the 1st argument}}
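Review bot: Neither `scanf` result is checked in `multipleTaintSources` or `multipleTaintedArgs`, so if a conversion fails at run time, `strcat(cmd, file)` and `strcpy(buf, cmd)` read arrays that were never written. The expected taint notes should not depend on the initial contents, so zero-initialising the buffers, e.g. `char cmd[2048] = "", file[1024] = "";`, keeps the example well-defined for anyone who copies it as a source-to-sink pattern. It would also help to add a short comment saying that the field widths are what keep the concatenation in bounds: in `multipleTaintSources`, 1022 + 1023 characters plus the terminator fit in `cmd[2048]`. `multipleTaintedArgs` continues past the end of the quoted hunk, so the rest of its body is not reviewed here.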
----------------
NagyDonat wrote:

```suggestion
  strcat(buf, " ");// expected-note {{Taint propagated to the 1st argument}}
```
Just whitespace bikeshedding...

https://github.com/llvm/llvm-project/pull/68607

