[cfe-dev] How to force Clang static checker to check the code that will not be executed in some situations???
changze cui via cfe-dev
cfe-dev at lists.llvm.org
Thu Jan 3 02:27:27 PST 2019
Hi all,

Recently, I have been using the Clang static checker to find buffer overflow
related bugs. There is one case where the buggy code will be executed only
if STATS is defined (#ifdef STATS). I hope my checker can find all the
bugs in a program, even in cases where the code will not be executed for
now. Do you have any idea how I can achieve this?

The following is a part of the buggy code. Since "STATS" is not defined,
variables a and ns will be NULL. Thus, some code will not be checked by
Clang and the checker will miss one bug.

I have put the full code in the attached file. Let me know if you have any
solution. Thanks in advance!!

Regards,
Chaz

static void nslookupComplain(sysloginfo, queryname, complaint, dname, a_rr,
                             nsdp)
    const char *sysloginfo, *queryname, *complaint, *dname;
    const struct databuf *a_rr, *nsdp;
{
#ifdef STATS
    char nsbuf[20];
    char abuf[20];
#endif
    char *a, *ns;

    if (sysloginfo && queryname)
    {
        char buf[999];

        a = ns = (char *)NULL;
#ifdef STATS
        /* this part will not be executed because STATS is not defined */
        /* so a and ns will be equal to NULL */
        if (nsdp) {
            /* assign value to a and ns */
        }
#endif
        if (a != NULL || ns != NULL)
        {
            /* the code here will not be checked by Clang because a and ns
               are equal to NULL */
            /* This line is a buggy point, but it cannot be found by Clang
               static checker now */
            sprintf(buf, "%s: query(%s) %s (%s:%s) learnt (A=%s:NS=%s)",
                    sysloginfo, queryname,
                    complaint, dname,
                    inet_ntoa(data_inaddr(a_rr->d_data)),
                    a ? a : "<Not Available>",
                    ns ? ns : "<Not Available>");
        }
        else {
            /* This is another buggy point, can be found by Clang static
               checker */
            sprintf(buf, "%s: query(%s) %s (%s:%s)",
                    sysloginfo, queryname,
                    complaint, dname,
                    inet_ntoa(data_inaddr(a_rr->d_data)));
        }
    }
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ns-lookup-klee.c
Type: text/x-csrc
Size: 11936 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190103/5335f433/attachment.c>
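
One way to get analyzer coverage of code guarded by #ifdef STATS is to run the analysis once per preprocessor configuration; the script below is an added example, not part of the original post or of Clang. The function names and the ANALYZER variable are assumptions of this example, and it goes slightly beyond the single STATS case by enabling every guard macro found in the file one at a time (not all combinations).

```shell
#!/bin/sh
# Added example (not from the original post): analyze one C file once per
# preprocessor configuration so code under #ifdef is seen by the analyzer.

# Print, one per line, each macro tested by #ifdef/#ifndef or defined(...).
# Header include guards show up too; filter the list as needed.
list_guard_macros() {
    awk '
        /^[ \t]*#[ \t]*(ifdef|ifndef)[ \t]+/ {
            line = $0
            sub(/^[ \t]*#[ \t]*(ifdef|ifndef)[ \t]+/, "", line)
            if (match(line, /^[A-Za-z_][A-Za-z0-9_]*/))
                print substr(line, RSTART, RLENGTH)
            next
        }
        /^[ \t]*#[ \t]*(if|elif)[ \t(!]/ {
            line = $0
            while (match(line, /defined[ \t]*\(?[ \t]*[A-Za-z_][A-Za-z0-9_]*/)) {
                tok = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                sub(/^defined[ \t]*\(?[ \t]*/, "", tok)
                print tok
            }
        }
    ' "$1" | sort -u
}

# Run the analyzer on the baseline build, then once with each macro defined.
# ANALYZER is an assumption of this example (defaults to clang); extra
# arguments such as include paths or checker options are passed through.
analyze_each_config() {
    file=$1; shift
    status=0
    echo "== baseline: $file"
    ${ANALYZER:-clang} --analyze "$@" "$file" || status=1
    for m in $(list_guard_macros "$file"); do
        echo "== -D$m: $file"
        ${ANALYZER:-clang} --analyze "-D$m" "$@" "$file" || status=1
    done
    return $status
}

# Usage: sh analyze-configs.sh ns-lookup-klee.c [extra clang args]
if [ "$#" -gt 0 ]; then
    analyze_each_config "$@"
fi
```

With -DSTATS on the command line the block that assigns a and ns is compiled in, so the branch containing the first sprintf becomes reachable for a path-sensitive checker.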