================ @@ -1859,6 +1859,32 @@ this) and always check the return value of these calls. This check corresponds to SEI CERT Rule `POS36-C <https://wiki.sei.cmu.edu/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges>`_. +.. _security-VAList: + +security.VAList (C, C++) +"""""""""""""""""""""""" +Reports use of uninitialized (or already released) ``va_list`` objects and +situations where a ``va_start`` call is not followed by ``va_end``. + +Report out of bounds access to memory that is before the start or after the end +of the accessed region (array, heap-allocated region, string literal etc.). +This usually means incorrect indexing, but the checker also detects access via +the operators ``*`` and ``->``. + +.. code-block:: c + + int test_use_after_release(int x, ...) { + va_list va; + va_start(va, x); + va_end(va, x); + return va_arg(va, int); // warn: va is uninitialized + } + + int test_leak(int x, ...) { + va_list va; + va_start(va, x); + } // warn: va is never released ---------------- steakhal wrote:
The actual diag phrases this as `Initialized va_list 'va' is leaked`, so uses the phrase `leaked` instead of `released`.
https://github.com/llvm/llvm-project/pull/156682