xazax.hun added a comment.
I think I found the main problem with the current model, at least for the
FuchsiaHandleCheck.
Consider the following two snippets:

  zx_handle_t *get_handle_address();

  void escape_store_to_escaped_region01() {
    zx_handle_t sb;
    if (zx_channel_create(0, get_handle_address(), &sb))
      return;
    zx_handle_close(sb);
  }

  void leak() {
    zx_handle_t sa, sb;
    if (zx_channel_create(0, &sa, &sb))
      return;
    zx_handle_close(sb);
  }

In the first one I want the first handle to be escaped; in the second one I do
not want it to be escaped.
With my current proposed changes, the checker will receive a pointer escape
callback for both, but it does not have enough info to differentiate between the
two cases.
If I do not act upon this kind of escape, I end up reporting a false positive in
the first case. If I act on this escape, I end up missing a true positive in the
second case.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71224/new/
https://reviews.llvm.org/D71224
_______________________________________________
cfe-commits mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits