[clang] [clang][analyzer] Move PutenvStackArrayChecker out of alpha package. (PR #93980)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Sat Jun 1 00:55:39 PDT 2024
================
@@ -1179,6 +1179,41 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C)
strncpy(buf, "a", 1); // warn
}
+.. _security-putenv-stack-array:
+
+security.PutenvStackArray (C)
+"""""""""""""""""""""""""""""
+Finds calls to the ``putenv`` function which pass a pointer to a stack-allocated
+(automatic) array as the argument. Function ``putenv`` does not copy the passed
+string, only a pointer to the data is stored and this data can be read even by
+other threads. Content of a stack-allocated array is likely to be overwritten
+after returning from the parent function.
----------------
steakhal wrote:
```suggestion
after returning to the parent function.
```
https://github.com/llvm/llvm-project/pull/93980
More information about the cfe-commits
mailing list