[LLVMbugs] [Bug 13886] New: proposed new code for added functionality and improvement in Checker GenericTaintChecker and CStringChecker

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Thu Sep 20 06:46:51 PDT 2012


http://llvm.org/bugs/show_bug.cgi?id=13886

             Bug #: 13886
           Summary: proposed new code for added functionality and
                    improvement in Checker GenericTaintChecker and
                    CStringChecker
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: lionel.prat9 at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


Created attachment 9240
  --> http://llvm.org/bugs/attachment.cgi?id=9240
Patch on version trunk

CStringChecker:
Added functionality to detect the memory overflow (src tainted sizeof > dst
sizeof) during a memory copy from a tainted input

GenericTaintChecker:
Added propagation for the functions: strlen, strtok, fgets
Improved detection of stdin, and adding on entry "0"

Removing the removal of the tag propagation on the old element or propagated
source... 
Example:
fgets(addr, sizeof(addr), stdin); stdin -> addr(tainted)
sprintf(buffer, "test 1 %s", addr); addr -> buffer(tainted), but with the old
version, addr no longer had the tag propagation; if it was reused by another
copy function, then we would not see the spread.

Sorry for my English...

Cordially,
Lionel

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
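
The propagation difference described in the report, as an added example that is not part of the report or of the attached patch: a toy model of an analyzer's taint set, replaying the fgets/sprintf sequence with the source's tag either dropped or kept. All names (taint_state, propagate, the third copy into "other") are hypothetical and do not come from the Clang checkers.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy taint set; hypothetical names, not the Clang checker's data model. */
#define MAX_VARS 8
struct taint_state { const char *vars[MAX_VARS]; int count; };

static int find_var(const struct taint_state *s, const char *name) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->vars[i], name) == 0) return i;
    return -1;
}

bool is_tainted(const struct taint_state *s, const char *name) {
    return find_var(s, name) >= 0;
}

void add_taint(struct taint_state *s, const char *name) {
    if (!is_tainted(s, name) && s->count < MAX_VARS)
        s->vars[s->count++] = name;
}

/* Model a copy such as sprintf(dst, "%s", src).
 * keep_src == false: the tag moves to dst and src loses it (old behaviour
 * as described in the report). keep_src == true: src stays tainted. */
void propagate(struct taint_state *s, const char *src, const char *dst,
               bool keep_src) {
    int i = find_var(s, src);
    if (i < 0) return;                       /* src is clean: nothing spreads */
    if (!keep_src) s->vars[i] = s->vars[--s->count];
    add_taint(s, dst);
}

/* Replays: fgets -> addr; sprintf(buffer, ..., addr); then a second copy
 * from addr into "other" (assumed step). True if both copies are tainted. */
bool both_copies_tainted(bool keep_src) {
    struct taint_state s = { .count = 0 };
    add_taint(&s, "addr");                   /* fgets(addr, sizeof(addr), stdin) */
    propagate(&s, "addr", "buffer", keep_src);
    propagate(&s, "addr", "other", keep_src);
    return is_tainted(&s, "buffer") && is_tainted(&s, "other");
}

int main(void) {
    printf("source tag dropped: %d\n", both_copies_tainted(false));
    printf("source tag kept:    %d\n", both_copies_tainted(true));
    return 0;
}
```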


