Author: Balázs Kéri Date: 2024-09-03T10:31:36+02:00 New Revision: 525ffd626231a8c6fecb0b886c272ff4568f09f5
URL: https://github.com/llvm/llvm-project/commit/525ffd626231a8c6fecb0b886c272ff4568f09f5 DIFF: https://github.com/llvm/llvm-project/commit/525ffd626231a8c6fecb0b886c272ff4568f09f5.diff LOG: [clang][analyzer] Bring alpha.security.MmapWriteExec checker out of alpha package (#102636) Added: Modified: clang/docs/analyzer/checkers.rst clang/include/clang/StaticAnalyzer/Checkers/Checkers.td clang/test/Analysis/mmap-writeexec.c Removed: ################################################################################ diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index 89a1018e14c0e6..847bf4baf74887 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -1293,6 +1293,22 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) strncpy(buf, "a", 1); // warn } +.. _security-MmapWriteExec: + +security.MmapWriteExec (C) +"""""""""""""""""""""""""" +Warn on ``mmap()`` calls with both writable and executable access. + +.. code-block:: c + + void test(int n) { + void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_PRIVATE | MAP_ANON, -1, 0); + // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to + // exploitable memory regions, which could be overwritten with malicious + // code + } + .. _security-putenv-stack-array: security.PutenvStackArray (C) @@ -2967,22 +2983,6 @@ Warn about buffer overflows (newer checker). char c = s[x]; // warn: index is tainted } -.. _alpha-security-MmapWriteExec: - -alpha.security.MmapWriteExec (C) -"""""""""""""""""""""""""""""""" -Warn on mmap() calls that are both writable and executable. - -.. code-block:: c - - void test(int n) { - void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC, - MAP_PRIVATE | MAP_ANON, -1, 0); - // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to - // exploitable memory regions, which could be overwritten with malicious - // code - } - .. _alpha-security-ReturnPtrRange: alpha.security.ReturnPtrRange (C) diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td index fb4114619ac3d3..585246547b3dce 100644 --- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -1000,6 +1000,10 @@ def FloatLoopCounter : Checker<"FloatLoopCounter">, Dependencies<[SecuritySyntaxChecker]>, Documentation<HasDocumentation>; +def MmapWriteExecChecker : Checker<"MmapWriteExec">, + HelpText<"Warn on mmap() calls with both writable and executable access">, + Documentation<HasDocumentation>; + def PutenvStackArray : Checker<"PutenvStackArray">, HelpText<"Finds calls to the function 'putenv' which pass a pointer to " "an automatic (stack-allocated) array as the argument.">, @@ -1039,10 +1043,6 @@ def ArrayBoundCheckerV2 : Checker<"ArrayBoundV2">, HelpText<"Warn about buffer overflows (newer checker)">, Documentation<HasDocumentation>; -def MmapWriteExecChecker : Checker<"MmapWriteExec">, - HelpText<"Warn on mmap() calls that are both writable and executable">, - Documentation<HasDocumentation>; - def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, HelpText<"Check for an out-of-bound pointer being returned to callers">, Documentation<HasDocumentation>; diff --git a/clang/test/Analysis/mmap-writeexec.c b/clang/test/Analysis/mmap-writeexec.c index 579cc75069eec7..bca34d167fbc92 100644 --- a/clang/test/Analysis/mmap-writeexec.c +++ b/clang/test/Analysis/mmap-writeexec.c @@ -1,5 +1,5 @@ -// RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=alpha.security.MmapWriteExec -DUSE_ALTERNATIVE_PROT_EXEC_DEFINITION -verify %s -// RUN: %clang_analyze_cc1 -triple x86_64-unknown-apple-darwin10 -analyzer-checker=alpha.security.MmapWriteExec -verify %s +// RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=security.MmapWriteExec -DUSE_ALTERNATIVE_PROT_EXEC_DEFINITION -verify %s +// RUN: %clang_analyze_cc1 -triple x86_64-unknown-apple-darwin10 -analyzer-checker=security.MmapWriteExec -verify %s #ifndef USE_ALTERNATIVE_PROT_EXEC_DEFINITION #define PROT_EXEC 0x01 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
