================
@@ -104,15 +146,35 @@ void ChrootChecker::evalChdir(const CallEvent &Call,
CheckerContext &C) const {
R = R->StripCasts();
if (const StringRegion* StrRegion= dyn_cast<StringRegion>(R)) {
const StringLiteral* Str = StrRegion->getStringLiteral();
- if (Str->getString() == "/")
- state = Mgr.addGDM(state, ChrootChecker::getTag(),
- (void*) JAIL_ENTERED);
+ if (Str->getString() == "/") {
+ state = state->set<ChrootState>(JAIL_ENTERED);
+ }
}
}
C.addTransition(state);
}
+const ExplodedNode *ChrootChecker::getAcquisitionSite(const ExplodedNode *N,
+ CheckerContext &C) {
+ ProgramStateRef State = N->getState();
+ // When bug type is resource leak, exploded node N may not have state info
+ // for leaked file descriptor, but predecessor should have it.
+ if (!State->get<ChrootCall>())
+ N = N->getFirstPred();
+
+ const ExplodedNode *Pred = N;
+ while (N) {
+ State = N->getState();
+ if (!State->get<ChrootCall>())
+ return Pred;
+ Pred = N;
+ N = N->getFirstPred();
+ }
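Review bot: The comment at the top of `getAcquisitionSite` talks about a resource leak and a leaked file descriptor, which reads as carried over from StreamChecker and does not describe what this walk looks for in the chroot checker. I would replace it with something like `// Walk back to the earliest node whose state still carries ChrootCall; that node is reported as the chroot site.` Separately, when `!State->get<ChrootCall>()` holds and `N` has no predecessor, `N = N->getFirstPred()` yields null, `Pred` is initialised to null and the loop is skipped. Callers would then need to tolerate a null result unless the code after the loop handles it; the function body continues outside the hunk, so that part is not visible here.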
----------------
vabridgers wrote:
I had to move this graph walk to the visitor since I needed to find the node
where chroot was found. I experimented with avoiding this graph walk, but could
not find a way. I found the approach I'm using in the current Stream Checker
for the same reasons I'm using it, which is to get the location info for the
chroot instance and chdir instance for bug reporting. See StreamChecker.cpp,
method reportLeaks, which uses getAcquisitionSite. That usage also relies on
a visitor.
https://github.com/llvm/llvm-project/pull/117791