================ @@ -1288,6 +1288,34 @@ by explicitly marking the ``size`` parameter as sanitized. See the delete[] ptr; } +.. _optin-taint-TaintedDiv: + +optin.taint.TaintedDiv (C, C++, ObjC) +""""""""""""""""""""""""""""""""""""" +This checker warns when the denominator in a division +operation is a tainted (potentially attacker controlled) value. +If the attacker can set the denominator to 0, a runtime error can +be triggered. The checker warns if the analyzer cannot prove +that the denominator is not 0 and it is a tainted value. ---------------- NagyDonat wrote:
```suggestion
be triggered. The checker warns when the denominator is a tainted value and the analyzer cannot prove that it is not 0.
```

Swap these two conditions to clarify that "is a tainted value" is not within the "the analyzer cannot prove that" block.

https://github.com/llvm/llvm-project/pull/106389
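
Review bot: In the third sentence of the new optin.taint.TaintedDiv section, "a runtime error can be triggered" does not say which error is meant; naming it (a division by zero) would tell the reader what the warning protects against. The opening sentence only mentions "a division operation", so it would also help to state whether the remainder operator is covered, and "attacker controlled" in the parenthetical should be hyphenated as "attacker-controlled".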