steakhal requested changes to this revision.
steakhal added a comment.
This revision now requires changes to proceed.
E.g. `execl()` and `execlp` functions are actually variadic. You should also
account for them.
I would rather map directly to a full-fledged Propagation rule instead of to a
sensitive arg index list. That way you could express this property.
Demonstrate this in a test.
Actually, the `CallDescriptionFlags::CDF_MaybeBuiltin` CallDescriptions will
use the `CCtx::isCLibraryFunction()` for matching the call.
By using that the code would get significantly shorter and more readable as
well.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:951-957
+ // Find the first argument that receives a tainted value.
+ // The report is emitted as a side-effect.
+ return llvm::find_if(SensitiveArgs, [this, &C, &Call](unsigned Idx) {
+ return Idx < Call.getNumArgs() &&
+ generateReportIfTainted(Call.getArgExpr(Idx), MsgCustomSink,
+ C);
+ }) != SensitiveArgs.end();
----------------
These algorithms are not supposed to have side-effects. Even though we
technically could have side-effects, I would still apply it separately.
That being said, this seems to be a copy-paste version of the previous hunk,
like 3rd time.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D114706/new/
https://reviews.llvm.org/D114706
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
