https://github.com/dkrupp closed
https://github.com/llvm/llvm-project/pull/112215
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/dkrupp converted_to_draft
https://github.com/llvm/llvm-project/pull/112215
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/112215
>From 972c3089bffbce3516b711c4fc02df561b98433f Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 3 Jun 2024 13:45:17 +0200
Subject: [PATCH 1/8] taint example code
---
.../StaticAnalyzer/taint_focused
https://github.com/dkrupp closed
https://github.com/llvm/llvm-project/pull/112212
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/112212
>From 972c3089bffbce3516b711c4fc02df561b98433f Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 3 Jun 2024 13:45:17 +0200
Subject: [PATCH 1/8] taint example code
---
.../StaticAnalyzer/taint_focused
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From beb6f6787f4a92e8892ba8f19d0af924edd56e3b Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH 1/4] Adding optin.taint.TaintedDiv checker
Tainted division operat
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From beb6f6787f4a92e8892ba8f19d0af924edd56e3b Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH 1/3] Adding optin.taint.TaintedDiv checker
Tainted division operat
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From ccc5da054903568fbd317d5c773251ed84f8f087 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH 1/3] Adding optin.taint.TaintedDiv checker
Tainted division operat
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From ccc5da054903568fbd317d5c773251ed84f8f087 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH 1/3] Adding optin.taint.TaintedDiv checker
Tainted division operat
dkrupp wrote:
> LGTM overall, I added some minor inline remarks.
>
> Also consider adding a few simple testcases to distinguish the effects of
> DivideZero and TaintedDiv. It would also be interesting to highlight what
> happens in situations like
>
> ```c
> int test(void) {
>   int x = getch
> ```
https://github.com/dkrupp closed https://github.com/llvm/llvm-project/pull/67352
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/67352
dkrupp wrote:
@haoNoQ gentle ping. Could you please check if this would be good to be merged
now? thanks.
https://github.com/llvm/llvm-project/pull/67352
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From ccc5da054903568fbd317d5c773251ed84f8f087 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH 1/2] Adding optin.taint.TaintedDiv checker
Tainted division operat
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From ccc5da054903568fbd317d5c773251ed84f8f087 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH] Adding optin.taint.TaintedDiv checker
Tainted division operation
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/106389
>From e979542270b21f4733baf25a7037675af598ca07 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Wed, 28 Aug 2024 15:32:35 +0200
Subject: [PATCH] Adding optin.taint.TaintedDiv checker
Tainted division operation
dkrupp wrote:
@steakhal now the commit is rebased and the results in the description are also
refreshed (not broken).
All the earlier problematic reports related to tainted integers (memset,
malloc, memcpy ...) are not present now as these were removed from this checker
as generic sinks by ea
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/67352
>From 11b85a494bfc844d9474efd2c9679cc5c0f4f889 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Thu, 15 Aug 2024 14:24:35 +0200
Subject: [PATCH 1/2] [analyzer] Moving TaintPropagation and GenericTaint
checkers o
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/67352
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/67352
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/67352
>From 11b85a494bfc844d9474efd2c9679cc5c0f4f889 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Thu, 15 Aug 2024 14:24:35 +0200
Subject: [PATCH] [analyzer] Moving TaintPropagation and GenericTaint checkers
out o
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/67352
>From 21a917403c180d74ec7ac4cf9f15b3c5a8de8b7d Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Thu, 15 Aug 2024 14:24:35 +0200
Subject: [PATCH] [analyzer] Moving TaintPropagation and GenericTaint checkers
out o
https://github.com/dkrupp closed https://github.com/llvm/llvm-project/pull/98157
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/98157
>From 75675417c324a2d1df5e42a8549f6d4bcb779ab4 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 5 Jul 2024 14:02:00 +0200
Subject: [PATCH 1/5] [analyzer] Splitting TaintPropagation checker into
reporting an
dkrupp wrote:
Thanks for the review. I updated the patch with your suggestions.
-std::unique_pointer changed to std::optional
-I fixed documentation related grammatical and reference errors.
https://github.com/llvm/llvm-project/pull/98157
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/98157
>From 75675417c324a2d1df5e42a8549f6d4bcb779ab4 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 5 Jul 2024 14:02:00 +0200
Subject: [PATCH 1/4] [analyzer] Splitting TaintPropagation checker into
reporting an
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/98157
>From 75675417c324a2d1df5e42a8549f6d4bcb779ab4 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 5 Jul 2024 14:02:00 +0200
Subject: [PATCH 1/3] [analyzer] Splitting TaintPropagation checker into
reporting an
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/98157
>From 75675417c324a2d1df5e42a8549f6d4bcb779ab4 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 5 Jul 2024 14:02:00 +0200
Subject: [PATCH 1/2] [analyzer] Splitting TaintPropagation checker into
reporting an
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/98157
>From 75675417c324a2d1df5e42a8549f6d4bcb779ab4 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 5 Jul 2024 14:02:00 +0200
Subject: [PATCH] [analyzer] Splitting TaintPropagation checker into reporting
and mo
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/98157
>From b8c54d9e91b7ec6760db24b687091246c7c31e3e Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 5 Jul 2024 14:02:00 +0200
Subject: [PATCH] [analyzer] Splitting TaintPropagation checker into reporting
and mo
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/98157
…ling checkers
Taint propagation is a generic modeling feature of the Clang Static Analyzer
which many other checkers depend on. Therefore GenericTaintChecker is split
into a TaintPropagation modeling checker
dkrupp wrote:
> > Even protobuf contains this type of code:
> > https://codechecker-demo.eastus.cloudapp.azure.com/Default/report-detail?run=protobuf_v3.13.0_pointersub1&is-unique=on&diff-type=New&checker-name=alpha.core.PointerSub&report-id=5545776&report-hash=1bcd310fbaeccbcc13645b9b277239a2&r
https://github.com/dkrupp closed https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From f6fdd544a90b865e5e0e530930db87cad405216e Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/8] [analyzer] Adding taint analysis capability to
unix.Malloc che
dkrupp wrote:
Now the checker is renamed to optin.taint.TaintedAlloc as requested by the
reviewers.
https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From f6fdd544a90b865e5e0e530930db87cad405216e Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/7] [analyzer] Adding taint analysis capability to
unix.Malloc che
dkrupp wrote:
In the latest commit I fixed all remaining review comments.
GenericTaintChecker should be a dependency as mentioned in the FIXME, but it
cannot be one until the checker is not a modeling checker. This separation will
be done in a later follow-up patch. Until then, the documentati
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From f6fdd544a90b865e5e0e530930db87cad405216e Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/6] [analyzer] Adding taint analysis capability to
unix.Malloc che
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/92420
@@ -1730,6 +1721,21 @@ def UnixAPIPortabilityChecker : Checker<"UnixAPI">,
} // end optin.portability
+
+//===--===//
+// Taint checkers.
+//===
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From f6fdd544a90b865e5e0e530930db87cad405216e Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/5] [analyzer] Adding taint analysis capability to
unix.Malloc che
dkrupp wrote:
- Handling of C++ operator new[] allocation was added to the checker with test
cases
- The checker is renamed to optin.taint.TaintAlloc, as besides malloc it
handles the C++ new array allocations too
- Test cases and documentation were updated
@NagyDonat , @steakhal please check
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From f6fdd544a90b865e5e0e530930db87cad405216e Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/4] [analyzer] Adding taint analysis capability to
unix.Malloc che
https://github.com/dkrupp edited https://github.com/llvm/llvm-project/pull/92420
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From 80767176cbe8e5717c5f42b113f305d81b635cb9 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/4] [analyzer] Adding taint analysis capability to
unix.Malloc che
dkrupp wrote:
> @NagyDonat , @steakhal I fixed the additional remarks. Is there anything else
> that needs to be done before merging? Thanks.
I see now, that there is still one unaddressed remark from @NagyDonat regarding
a new testcase for array new allocations. I will be adding it tomorrow.
dkrupp wrote:
@NagyDonat , @steakhal I fixed the additional remarks.
Is there anything else that needs to be done before merging? Thanks.
https://github.com/llvm/llvm-project/pull/92420
dkrupp wrote:
> The patch makes sense to me. Have you considered applying the same heuristic
> to C++ array new allocations?
>
> I'll port this patch downstream to see how this would behave on the Juliet
> C++ benchmark or on some real-world code.
I will check C++
> The patch makes sense to
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From 80767176cbe8e5717c5f42b113f305d81b635cb9 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/3] [analyzer] Adding taint analysis capability to
unix.Malloc che
dkrupp wrote:
Thanks for the reviews. I updated the patch.
@haoNoQ
- I changed the report to non-fatal
- I factored out the warning into a new checker optin.taint.TaintMalloc. This
way the checker can be enabled separately. Of course, the
alpha.security.taint.TaintPropagation checker is a pre
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From 80767176cbe8e5717c5f42b113f305d81b635cb9 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/2] [analyzer] Adding taint analysis capability to
unix.Malloc che
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/92420
>From 80767176cbe8e5717c5f42b113f305d81b635cb9 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 30 Apr 2024 15:20:52 +0200
Subject: [PATCH 1/2] [analyzer] Adding taint analysis capability to
unix.Malloc che
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/92420
unix.Malloc checker will warn if a memory allocation function (malloc, calloc,
realloc, alloca) is called with a tainted (attacker controlled) size parameter.
A large, maliciously set size value can trigger memory
https://github.com/dkrupp closed https://github.com/llvm/llvm-project/pull/68607
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct 2023 16:52:13 +0200
Subject: [PATCH 1/7
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct 2023 16:52:13 +0200
Subject: [PATCH 1/5] [analyzer] Removing untrusted buffer size taint warning
alpha.s
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct 2023 16:52:13 +0200
Subject: [PATCH 1/4] [analyzer] Removing untrusted buffer size taint warning
alpha.s
https://github.com/dkrupp approved this pull request.
The suggested change makes a lot of sense. Thanks.
LGTM.
https://github.com/llvm/llvm-project/pull/89606
https://github.com/dkrupp closed https://github.com/llvm/llvm-project/pull/68140
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68140
>From 4b310278d2923ff718d074a7f7c8806ad03c6401 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 3 Oct 2023 19:58:28 +0200
Subject: [PATCH 1/5] [analyzer] Fix core.VLASize checker false positive taint
report
dkrupp wrote:
I executed the analysis with this patch on the following open source projects:
memcached, tmux, curl, twin, vim, openssl, sqlite, ffmpeg, postgres, xerces
And it did not bring any visible change in the reports. So there were no new or
resolved findings compared to the baseline.
In both t
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68140
>From 4b310278d2923ff718d074a7f7c8806ad03c6401 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 3 Oct 2023 19:58:28 +0200
Subject: [PATCH 1/4] [analyzer] Fix core.VLASize checker false positive taint
report
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68140
>From 4b310278d2923ff718d074a7f7c8806ad03c6401 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 3 Oct 2023 19:58:28 +0200
Subject: [PATCH 1/3] [analyzer] Fix core.VLASize checker false positive taint
report
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68140
>From 4b310278d2923ff718d074a7f7c8806ad03c6401 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 3 Oct 2023 19:58:28 +0200
Subject: [PATCH 1/2] [analyzer] Fix core.VLASize checker false positive taint
report
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68140
>From 4b310278d2923ff718d074a7f7c8806ad03c6401 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Tue, 3 Oct 2023 19:58:28 +0200
Subject: [PATCH 1/2] [analyzer] Fix core.VLASize checker false positive taint
report
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct 2023 16:52:13 +0200
Subject: [PATCH 1/3] [analyzer] Removing untrusted buffer size taint warning
alpha.s
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct 2023 16:52:13 +0200
Subject: [PATCH 1/3] [analyzer] Removing untrusted buffer size taint warning
alpha.s
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/68607
>From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Mon, 9 Oct 2023 16:52:13 +0200
Subject: [PATCH 1/2] [analyzer] Removing untrusted buffer size taint warning
alpha.s
dkrupp wrote:
@haoNoQ thanks for pointing out #61826 umbrella issue, I somehow missed that.
I see this TaintPropagation checker as a generic flexible tool to find
potential vulnerable data flows between any taint source and taint sink. The
user should be configure sources and sinks in the yam
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/68607
alpha.security.taint.TaintPropagation checker
emitted a false warning to the following code
```
char buf[100];
size_t size = tainted();
if (size > 100)
  return;
memset(buf, 0, size); // warn: untrusted data used as b
```
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/68140
The checker reported a false positive on this code
```
void testTaintedSanitizedVLASize(void) {
  int x;
  scanf("%d", &x);
  if (x < 1)
    return;
  int vla[x]; // no-warning
}
```
After the fix, the checker only emits
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/67352
This commit renames alpha.security.taint.TaintPropagation checker to
optin.security.taint.TaintPropagation.
This checker was stabilized and improved by recent commits thus it's ready for
production use.
The che
https://github.com/dkrupp closed https://github.com/llvm/llvm-project/pull/66086
dkrupp wrote:
> As I'm not a maintainer, I could not push to your branch. Here is a patch
> that I think has the missing pieces to satisfy my review.
> [0001-fixup-analyzer-TaintPropagation-checker-strlen-shoul.patch.txt](https://github.com/llvm/llvm-project/files/12645128/0001-fixup-analyzer-T
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/66086
>From 889c886c3eed31335531ec61ad2b48bef15414d8 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 8 Sep 2023 16:57:49 +0200
Subject: [PATCH] [analyzer] TaintPropagation checker strlen() should not
propagate
https://github.com/dkrupp updated
https://github.com/llvm/llvm-project/pull/66086
>From f8997b16c74543eb57b272c4dd4abca1a10d9ac7 Mon Sep 17 00:00:00 2001
From: Daniel Krupp
Date: Fri, 8 Sep 2023 16:57:49 +0200
Subject: [PATCH] [analyzer] TaintPropagation checker strlen() should not
propagate
dkrupp wrote:
If we remove the malloc(..) as the taint sink, we would lose some true positive
findings where the size of the allocated
area is specified directly as a number by the attacker:
```
char *size=getenv("SIZE");
if (size){
  pathbuf=(char*) malloc(atoi(size)+1); // warn: denial of se
```
https://github.com/dkrupp review_requested
https://github.com/llvm/llvm-project/pull/66086
https://github.com/dkrupp review_requested
https://github.com/llvm/llvm-project/pull/66086
https://github.com/dkrupp review_requested
https://github.com/llvm/llvm-project/pull/66086
https://github.com/dkrupp review_requested
https://github.com/llvm/llvm-project/pull/66086
https://github.com/dkrupp created
https://github.com/llvm/llvm-project/pull/66086:
strlen(..) call should not propagate taintedness,
because it brings in many false positive findings. It is a common pattern to
copy user provided input to another buffer. In these cases we always
get warnings abo
Author: Daniel Krupp
Date: 2023-07-25T11:34:11+02:00
New Revision: 4dbe2db02d03ffee27feb43a6ef332ca6a3cbca2
URL:
https://github.com/llvm/llvm-project/commit/4dbe2db02d03ffee27feb43a6ef332ca6a3cbca2
DIFF:
https://github.com/llvm/llvm-project/commit/4dbe2db02d03ffee27feb43a6ef332ca6a3cbca2.diff
Author: Daniel Krupp
Date: 2023-07-21T15:11:13+02:00
New Revision: 26b19a67e5c398a30b26214544878ec364dc59af
URL:
https://github.com/llvm/llvm-project/commit/26b19a67e5c398a30b26214544878ec364dc59af
DIFF:
https://github.com/llvm/llvm-project/commit/26b19a67e5c398a30b26214544878ec364dc59af.diff
Author: Daniel Krupp
Date: 2023-04-26T12:43:36+02:00
New Revision: 343bdb10940cb2387c0b9bd3caccee7bb56c937b
URL:
https://github.com/llvm/llvm-project/commit/343bdb10940cb2387c0b9bd3caccee7bb56c937b
DIFF:
https://github.com/llvm/llvm-project/commit/343bdb10940cb2387c0b9bd3caccee7bb56c937b.diff
dkrupp added a comment.
Thanks. Gabor, could you please merge this? I don't have commit right.
https://reviews.llvm.org/D24307
dkrupp marked 11 inline comments as done.
dkrupp added a comment.
issues fixed
https://reviews.llvm.org/D24307
dkrupp added inline comments.
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1011
@@ +1010,3 @@
+// containing the elements.
+Region = (State->getSVal(NE, LCtx))
+ .getAsRegion()
MemRegion has now method called castAs<>, only get
dkrupp updated this revision to Diff 70821.
dkrupp added a comment.
I tried to address all your comments.
1. computeExtentBegin() is greatly simplified.
2. addExtendSize() is simplified (scaleValue() function inlined)
3. new testcases added a) allocation and indexing of non-array element (int *ip
dkrupp added inline comments.
Comment at: lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp:83
@@ -78,1 +82,3 @@
+ // we can assume that the region starts at 0.
+ if (!state->isNull(extentVal).isConstrained()) {
return UnknownVal();
NoQ wrote:
dkrupp added inline comments.
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1003
@@ +1002,3 @@
+//
+ProgramStateRef MallocChecker::addExtentSize(CheckerContext &C,
+ const CXXNewExpr *NE,
xazax.hun wrote:
> z
dkrupp created this revision.
dkrupp added reviewers: xazax.hun, NoQ, dcoughlin, zaks.anna.
dkrupp added a subscriber: cfe-commits.
ArrayBoundChecker did not detect out of bounds memory access errors in case an
array was allocated by the new expression.
1. MallocChecker.cpp was updated to calcu
dkrupp added a comment.
Hi,
It's a good idea to include in LLVM/Clang; I will propose it.
In http://reviews.llvm.org/D12906#272265, @zaks.anna wrote:
> Hi Daniel,
>
> Have you considered contributing this work to clang/llvm?
It's a good idea I will propose this at cfe-dev.
Daniel
http://revie
dkrupp added a comment.
In http://reviews.llvm.org/D12906#272243, @zaks.anna wrote:
> > > In http://reviews.llvm.org/D10305#224956, @zaks.anna wrote:
>
> >
>
> > > For example, you could keep the information about the reports in the
> > > plist files and use those to
>
> >
>
> > > render th
dkrupp added a comment.
Hi,
Regarding testing:
I think we should create a RecursiveASTVisitor based "test checker" that matches
every statement and declaration and reports a bug there.
Then we could create a test file similar to what we have in
/tools/clang/test/Analysis/diagnostics/report-issue
100 matches