steakhal added a comment.

Overall, I think it's a useful checker, not only for checking `getenv()` but 
for a bunch of other functions as well that might return a pointer to a 
statically allocated buffer.
The implementation could be polished a bit, but it's OK, I think.

About the produced reports, they were all useful and clear.
It is triggered only if it sees evidence(*) of the use of the invalidated 
pointer and highlights where it was produced and later invalidated.

(*) escaping via a conservatively evaluated function call also counts as such. 
There are pros and cons to this, but in this case, it seems like it's a good 
choice.



================
Comment at: clang/docs/analyzer/checkers.rst:2056
 
+
 .. _alpha-security-cert-pos-checkers:
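Review bot: the added blank line before the `.. _alpha-security-cert-pos-checkers:` label looks like an unrelated whitespace change; drop it from the patch unless the label needs the extra separation from what precedes it.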
----------------
?


================
Comment at: clang/test/Analysis/cert/env34-c-cert-examples.c:26-27
+
+  if (strcmp(tmpvar, tempvar) == 0) { // body of strcmp is unknown
+    // expected-warning@-1{{use of invalidated pointer 'tmpvar' in a function 
call}}
+  }
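Review bot: on the `strcmp(tmpvar, tempvar)` line the two names differ by one letter and the expected warning names only `tmpvar`; a short comment saying where `tmpvar` was invalidated would make the expectation easier to follow than `body of strcmp is unknown` alone.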
----------------
I just want to highlight the capabilities of this checker.
Here we are using the invalid `tmpvar` pointer in a conservatively evaluated 
function call, and we still have a warning. Which is awesome.

Just imagine that `getenv()` would return a pointer to the same static buffer, 
then the `strcmp()` would always succeed, which is likely a bug.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D97699/new/

https://reviews.llvm.org/D97699

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
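
The failure mode described in the comment above (a `getenv()` that returns a pointer to the same static buffer makes the `strcmp()` always succeed), shown as an added example that is not part of the original review or of the patch. `static_getenv`, `sample_env`, `same_dir_unsafe` and `same_dir_safe` are hypothetical names; `static_getenv` simulates such an implementation over constructed data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a getenv() that returns a pointer into one
 * static buffer, overwritten on every call. The table is constructed data. */
static const char *const sample_env[][2] = {
    {"TMP", "/tmp"}, {"TEMP", "/var/tmp"}};

static char *static_getenv(const char *name) {
  static char buf[64];
  for (size_t i = 0; i < sizeof sample_env / sizeof sample_env[0]; i++) {
    if (strcmp(sample_env[i][0], name) == 0) {
      strncpy(buf, sample_env[i][1], sizeof buf - 1);
      buf[sizeof buf - 1] = '\0';
      return buf;
    }
  }
  return NULL;
}

/* Pattern the checker reports: tmpvar is invalidated by the second call. */
int same_dir_unsafe(void) {
  char *tmpvar = static_getenv("TMP");
  char *tempvar = static_getenv("TEMP"); /* overwrites what tmpvar points to */
  if (!tmpvar || !tempvar) return -1;
  return strcmp(tmpvar, tempvar) == 0;   /* both alias buf, so always equal */
}

/* Corrected form: copy the first result before calling again. */
int same_dir_safe(void) {
  const char *p = static_getenv("TMP");
  if (!p) return -1;
  size_t n = strlen(p) + 1;
  char *tmpvar = malloc(n);
  if (!tmpvar) return -1;
  memcpy(tmpvar, p, n);                  /* private copy survives next call */
  const char *tempvar = static_getenv("TEMP");
  int eq = tempvar ? strcmp(tmpvar, tempvar) == 0 : -1;
  free(tmpvar);
  return eq;
}
```
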