george.karpenkov added inline comments.
================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:100
void checkCall_strcat(const CallExpr *CE, const FunctionDecl *FD); + void checkDeprecatedOrUnsafeBufferHandling(const CallExpr *CE, const FunctionDecl *FD); void checkCall_rand(const CallExpr *CE, const FunctionDecl *FD);
----------------
80 chars

================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:165
+ .Case("strncat", &WalkAST::checkDeprecatedOrUnsafeBufferHandling) + .Case("memset", &WalkAST::checkDeprecatedOrUnsafeBufferHandling) .Case("drand48", &WalkAST::checkCall_rand)
----------------
That's a lot of duplicated `WalkAST::checkDeprecatedOrUnsafeBufferHandling`. Could that be simplified?

================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:618
+ StringRef Name = FD->getIdentifier()->getName(); + int ArgIndex = llvm::StringSwitch<int>(Name) + .Case("sprintf", 1)
----------------
That's a lot of duplication of 1/0/-1. And also 1/0/-1 are cryptic symbols, why not use an enum with a descriptive name?
Maybe use `.Cases("sprintf", "vsprintf", "vfscanf", WARN_UNSAFE)`?

https://reviews.llvm.org/D35068
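Review bot: the declaration added in the hunk at CheckSecuritySyntaxOnly.cpp:100, `checkDeprecatedOrUnsafeBufferHandling`, drops the `checkCall_` prefix that both neighbouring declarations use (`checkCall_strcat`, `checkCall_rand`) and, unlike them, covers a family of functions rather than the one named in its identifier. A one-line comment above it saying which calls it handles and what it reports would make the header readable without jumping to the definition; splitting the parameter list over two lines keeps the declaration within the column limit at the same time.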
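Review bot: in the hunk at CheckSecuritySyntaxOnly.cpp:165 the new checks are keyed on string literals (`.Case("strncat", ...)`, `.Case("memset", ...)`), so a misspelled name compiles cleanly and simply never matches, silently disabling the warning for that function. Each name added to this table should have a matching line in the checker's regression test that expects the diagnostic. Separately, `strncat` goes to the generic handler while the hunk at :100 shows `strcat` keeping its dedicated `checkCall_strcat`; a short comment on why the two are split would help the next person extending the table.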
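Review bot: the first added line of the hunk at CheckSecuritySyntaxOnly.cpp:618, `StringRef Name = FD->getIdentifier()->getName();`, dereferences the result of `getIdentifier()` without a check, and that call returns null for declarations whose name is not a simple identifier. If the dispatching code already guarantees a non-null identifier before this function is reached, state that with an assert here; otherwise return early when it is null. The visible lines also do not show how `ArgIndex` is handled when no `.Case` matches, so the default value of the switch and the code that consumes it deserve a look in the same pass.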