[cfe-dev] Adding taint sources to GenericTaintChecker

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Mon Apr 11 08:13:32 PDT 2016

On 11.04.2016 16:32, Ashwin Ganesh wrote:
 > Is there anyway by which I can guarantee those
 > initial return values to be tainted?

There shouldn't be a problem unless these values are compile-time constants.

There might be a bit tricky (though not very hard) to determine if the 
correct function is called, in case it's actually loaded from a dynamic 
library and passed around as a pointer, but that's a different story. If 
the loading process is hidden in another translation unit, and the end 
user receives only a forward declaration of readval(), that shouldn't be 
a problem.

More information about the cfe-dev mailing list