[clang] [analyzer] New optin.taint.TaintAlloc checker for catching unbounded memory allocation calls (PR #92420)
Donát Nagy via cfe-commits
cfe-commits at lists.llvm.org
Wed May 29 01:44:35 PDT 2024
================
@@ -1779,18 +1797,76 @@ ProgramStateRef MallocChecker::MallocMemAux(CheckerContext &C,
const CallEvent &Call,
const Expr *SizeEx, SVal Init,
ProgramStateRef State,
- AllocationFamily Family) {
+ AllocationFamily Family) const {
if (!State)
return nullptr;
assert(SizeEx);
return MallocMemAux(C, Call, C.getSVal(SizeEx), Init, State, Family);
}
+void MallocChecker::reportTaintBug(StringRef Msg, ProgramStateRef State,
+ CheckerContext &C,
+ llvm::ArrayRef<SymbolRef> TaintedSyms,
+ AllocationFamily Family) const {
+
+ if (!ChecksEnabled[CK_TaintAllocChecker])
+ return;
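Review bot: the `if (!ChecksEnabled[CK_TaintAllocChecker]) return;` guard at the top of `reportTaintBug` runs only after the caller has already produced the `TaintedSyms` argument, so with the opt-in checker disabled the taint lookup is done and then thrown away. Test the flag in the caller, before the taint query, and let `reportTaintBug` assume the checker is enabled. As a style point, drop the empty line that follows the opening brace of `reportTaintBug`.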
----------------
NagyDonat wrote:
Move this check to `CheckTaintedness` -- there is no reason to calculate taint information if it won't be reported.
https://github.com/llvm/llvm-project/pull/92420