Author: Balazs Benics Date: 2023-09-14T11:55:10+02:00 New Revision: 909c9639994b5467e8c8424580063e29139d1def
URL: https://github.com/llvm/llvm-project/commit/909c9639994b5467e8c8424580063e29139d1def DIFF: https://github.com/llvm/llvm-project/commit/909c9639994b5467e8c8424580063e29139d1def.diff LOG: [analyzer] Fix stdin declaration in C++ tests (#66074) The `stdin` declaration should be within `extern "C" {...}`, in C++ mode. In addition, it should be also marked `extern` in both C and C++ modes. I tightened the check to ensure we only accept `stdin` if both of these match. However, from the Juliet test suite's perspective, this commit should not matter. https://github.com/llvm/llvm-project/pull/66074 Added: Modified: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp clang/test/Analysis/taint-diagnostic-visitor.c clang/test/Analysis/taint-generic.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp index 3dcb45c0b110383..8138c8411fb2613 100644 --- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp @@ -104,8 +104,7 @@ bool isStdin(SVal Val, const ASTContext &ACtx) { // variable named stdin with the proper type. if (const auto *D = dyn_cast_or_null<VarDecl>(DeclReg->getDecl())) { D = D->getCanonicalDecl(); - // FIXME: This should look for an exact match. - if (D->getName().contains("stdin") && D->isExternC()) { + if (D->getName() == "stdin" && D->hasExternalStorage() && D->isExternC()) { const QualType FILETy = ACtx.getFILEType().getCanonicalType(); const QualType Ty = D->getType().getCanonicalType(); diff --git a/clang/test/Analysis/taint-diagnostic-visitor.c b/clang/test/Analysis/taint-diagnostic-visitor.c index 663836836d3db67..f1b9ceebdd9a6b8 100644 --- a/clang/test/Analysis/taint-diagnostic-visitor.c +++ b/clang/test/Analysis/taint-diagnostic-visitor.c @@ -13,7 +13,7 @@ size_t strlen( const char* str ); void *malloc(size_t size ); void free( void *ptr ); char *fgets(char *str, int n, FILE *stream); -FILE *stdin; +extern FILE *stdin; void taintDiagnostic(void) { diff --git a/clang/test/Analysis/taint-generic.cpp b/clang/test/Analysis/taint-generic.cpp index 09cd54471948e1a..c907c8f5eeb958b 100644 --- a/clang/test/Analysis/taint-generic.cpp +++ b/clang/test/Analysis/taint-generic.cpp @@ -7,6 +7,12 @@ int scanf(const char*, ...); int mySource1(); int mySource3(); +typedef struct _FILE FILE; +extern "C" { +extern FILE *stdin; +} +int fscanf(FILE *stream, const char *format, ...); + bool isOutOfRange2(const int*); void mySink2(int); @@ -124,3 +130,9 @@ void testConfigurationMemberFunc() { foo.myMemberScanf("%d", &x); Buffer[x] = 1; // expected-warning {{Out of bound memory access }} } + +void testReadingFromStdin(char **p) { + int n; + fscanf(stdin, "%d", &n); + Buffer[n] = 1; // expected-warning {{Out of bound memory access (index is tainted)}} +} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
