[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)
DonĂ¡t Nagy via cfe-commits
cfe-commits at lists.llvm.org
Thu May 2 07:35:51 PDT 2024
================
@@ -95,22 +94,23 @@ void testReadStdIn(){
}
void multipleTaintSources(void) {
- int x,y,z;
- scanf("%d", &x); // expected-note {{Taint originated here}}
+ char cmd[2048], file[1024];
+ scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}
// expected-note at -1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &y); // expected-note {{Taint originated here}}
+ scanf ("%1023[^\n]", file); // expected-note {{Taint originated here}}
// expected-note at -1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &z);
- int* ptr = (int*) malloc(y + x); // expected-warning {{Untrusted data is used to specify the buffer size}}
- // expected-note at -1{{Untrusted data is used to specify the buffer size}}
- free (ptr);
+ strcat(cmd, file);// expected-note {{Taint propagated to the 1st argument}}
----------------
NagyDonat wrote:
```suggestion
strcat(cmd, file); // expected-note {{Taint propagated to the 1st argument}}
strcat(cmd, " "); // expected-note {{Taint propagated to the 1st argument}}
```
https://github.com/llvm/llvm-project/pull/68607
More information about the cfe-commits
mailing list