[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/104599 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,80 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s +// + +typedef unsigned long size_t; + +typedef enum memory_order { + memory_order_relaxed = __ATOMIC_RELAXED, +} memory_order; + +void *calloc(size_t, size_t); +void free(void *); + +struc

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: I like the overall idea of this commit, but I noticed that it may be a step backwards in some situation where there is a destructor on the stack and the old code would've suppressed the result, but the new code doesn't suppress it. (See inline comments f

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106081

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-29 Thread Donát Nagy via cfe-commits
@@ -58,14 +60,14 @@ void testFreeOpNew() { void *p = operator new(0); free(p); // mismatch-warning@-1{{Memory allocated by 'operator new' should be deallocated by 'delete', not 'free()'}} -} // leak-warning{{Potential leak of memory pointed to by 'p'}} +} ---
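Review bot: dropping the `leak-warning` expectation at the closing brace of `testFreeOpNew()` changes which reports this test requires, and a PR titled as a refactor should say so in its description. State whether `p` is now considered released after the mismatched `free(p)`, and keep a separate test in which memory from `operator new` really does leak, so the removed expectation does not become a coverage gap.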

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-29 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Thanks for the updates! I'm mostly satisfied with this change, but I also added some other reviewers to give them a chance to react. https://github.com/llvm/llvm-project/pull/106081

[clang] [clang-tools-extra] Add function check for windows platform (PR #106581)

2024-08-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: (This is just a quick drive-by correction of the `CallDescription` matching modes. Other parts of the commit seem to be good, but I don't have a firm opinion.) https://github.com/llvm/llvm-project/pull/106581

[clang] [clang-tools-extra] Add function check for windows platform (PR #106581)

2024-08-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106581

[clang] [clang-tools-extra] Add function check for windows platform (PR #106581)

2024-08-30 Thread Donát Nagy via cfe-commits
@@ -158,12 +160,16 @@ class CStringChecker : public Checker< eval::Call, &CStringChecker::evalStrlcpy}, {{CDM::CLibraryMaybeHardened, {"strcat"}, 2}, &CStringChecker::evalStrcat}, + {{CDM::CLibraryMaybeHardened, {"lstrcat"}, 2}, NagyDon

[clang] [clang-tools-extra] Add function check for windows platform (PR #106581)

2024-08-30 Thread Donát Nagy via cfe-commits
@@ -150,6 +150,8 @@ class CStringChecker : public Checker< eval::Call, // FIXME: C23 introduces 'memset_explicit', maybe also model that {{CDM::CLibraryMaybeHardened, {"strcpy"}, 2}, &CStringChecker::evalStrcpy}, + {{CDM::CLibraryMaybeHardened, {"lstrcpy

[clang] [clang-tools-extra] Add function check for windows platform (PR #106581)

2024-08-30 Thread Donát Nagy via cfe-commits
@@ -158,12 +160,16 @@ class CStringChecker : public Checker< eval::Call, &CStringChecker::evalStrlcpy}, {{CDM::CLibraryMaybeHardened, {"strcat"}, 2}, &CStringChecker::evalStrcat}, + {{CDM::CLibraryMaybeHardened, {"lstrcat"}, 2}, + &CStringChecker:
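Review bot: the new `lstrcat` entry uses `CDM::CLibraryMaybeHardened`, the mode meant for C library functions that can also appear as hardened or builtin variants such as the `_chk` forms of `strcat`. `lstrcat` is a Windows API function with no such variants, so a narrower matching mode would describe it more accurately; if the hardened mode is intentional, add a comment next to the entry explaining why.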

[clang] [clang-tools-extra] Add function check for windows platform (PR #106581)

2024-08-30 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106581

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-08-30 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3648,38 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-30 Thread Donát Nagy via cfe-commits
@@ -58,14 +60,14 @@ void testFreeOpNew() { void *p = operator new(0); free(p); // mismatch-warning@-1{{Memory allocated by 'operator new' should be deallocated by 'delete', not 'free()'}} -} // leak-warning{{Potential leak of memory pointed to by 'p'}} +} ---

[clang] [analyzer] Refactor MallocChecker to use `BindExpr` in `evalCall` (PR #106081)

2024-08-30 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > To me, a switch from eval-call to post-call should be NFC for the most part. Minor correction: this commit switches from post-call to eval-call, not the other way around. > It would be nice if we could separate out that NFC part in a PR, and then > deal with the breaking ch

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3652,53 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -3551,21 +3551,25 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, const LocationContext *CurrentLC = N->getLocationContext(); - // If we find an atomic fetch_add or fetch_sub within the destructor in which - // the pointer was released (be

[clang] [analyzer] [MallocChecker] suspect all release functions as candite for supression (PR #104599)

2024-09-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Donát Nagy via cfe-commits
NagyDonat wrote: (Just fixed some typos in the PR title.) https://github.com/llvm/llvm-project/pull/104599

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-02 Thread Donát Nagy via cfe-commits
NagyDonat wrote: @steakhal Don't worry about this PR, I don't think that there is anything that you _need_ to review -- I just added you as a reviewer to ensure that you know about it and you _may_ review it if you want. (Although now that I think about it, you're probably subscribed to the [a

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -538,7 +541,8 @@ ProgramStateRef CStringChecker::checkInit(CheckerContext &C, OS << ") in the "; printIdxWithOrdinalSuffix(OS, Buffer.ArgumentIndex + 1); OS << " argument is undefined"; -emitUninitializedReadBug(C, State, Buffer.Expression, OS.str()); +em

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/106982

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: First part of my review, I'll continue tomorrow. https://github.com/llvm/llvm-project/pull/106982

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -315,6 +315,62 @@ static bool isFunctionMacroExpansion(SourceLocation Loc, return EInfo.isFunctionMacroExpansion(); } +static const LocationContext *getFirstNonCtorCall(const LocationContext *LCtx) { + while (llvm::isa_and_nonnull(LCtx->getDecl())) +LCtx = LCtx->get
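Review bot: in `getFirstNonCtorCall()` the loop condition dereferences `LCtx` via `LCtx->getDecl()` on every iteration, and `isa_and_nonnull` only guards the declaration, not `LCtx` itself. If the reassignment in the loop body can produce a null context (for example once the walk passes the outermost frame), the next condition check dereferences null. Add `LCtx &&` to the condition and document that the function may return null.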

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -718,6 +718,91 @@ class NoStateChangeFuncVisitor : public BugReporterVisitor { PathSensitiveBugReport &R) final; }; +/// Put a diagnostic on return statement of all inlined functions +/// for which the region of interest \p RegionOfInter

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -718,6 +718,91 @@ class NoStateChangeFuncVisitor : public BugReporterVisitor { PathSensitiveBugReport &R) final; }; +/// Put a diagnostic on return statement of all inlined functions +/// for which the region of interest \p RegionOfInter

[clang] [analyzer] Implement binary operations on LazyCompoundVals (PR #106982)

2024-09-02 Thread Donát Nagy via cfe-commits
@@ -315,6 +315,62 @@ static bool isFunctionMacroExpansion(SourceLocation Loc, return EInfo.isFunctionMacroExpansion(); } +static const LocationContext *getFirstNonCtorCall(const LocationContext *LCtx) { + while (llvm::isa_and_nonnull(LCtx->getDecl())) +LCtx = LCtx->get

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Donát Nagy via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/102602

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-03 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3652,53 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] [MallocChecker] suspect all release functions as candidate for suppression (PR #104599)

2024-09-03 Thread Donát Nagy via cfe-commits
@@ -3648,35 +3655,54 @@ PathDiagnosticPieceRef MallocBugVisitor::VisitNode(const ExplodedNode *N, return nullptr; } - // See if we're releasing memory while inlining a destructor - // (or one of its callees). This turns on various common - //

[clang] [analyzer] Model overflow builtins (PR #102602)

2024-09-03 Thread Donát Nagy via cfe-commits
@@ -50,6 +118,75 @@ class BuiltinFunctionChecker : public Checker { } // namespace +std::pair +BuiltinFunctionChecker::checkOverflow(CheckerContext &C, SVal RetVal, + QualType Res) const { + ProgramStateRef State = C.getState(); + SValBu

[clang] [NFCI][clang][analyzer] Make ProgramStatePartialTrait a template definition (PR #98150)

2024-07-09 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, nice little update :) https://github.com/llvm/llvm-project/pull/98150

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-09 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/98157

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-09 Thread Donát Nagy via cfe-commits
@@ -391,8 +392,11 @@ class GenericTaintChecker : public Checker { bool generateReportIfTainted(const Expr *E, StringRef Msg, CheckerContext &C) const; + bool isTaintReporterCheckerEnabled = false; + CheckerNameRef reporterCheckerName; + priv
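Review bot: the two members added to `GenericTaintChecker`, `isTaintReporterCheckerEnabled` and `reporterCheckerName`, start with a lowercase letter, while the LLVM coding standards name variables and data members in UpperCamelCase. Rename them to `IsTaintReporterCheckerEnabled` and `ReporterCheckerName`, and add a short comment saying which checker registration sets them.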

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-09 Thread Donát Nagy via cfe-commits
@@ -1122,10 +1131,20 @@ void GenericTaintChecker::taintUnsafeSocketProtocol(const CallEvent &Call, } /// Checker registration -void ento::registerGenericTaintChecker(CheckerManager &Mgr) { +void ento::registerTaintPropagationChecker(CheckerManager &Mgr) { Mgr.registerCheck

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-09 Thread Donát Nagy via cfe-commits
@@ -18,7 +21,7 @@ Taint analysis works by checking for the occurrence of special operations during the symbolic execution of the program. Taint analysis defines sources, sinks, and propagation rules. It identifies errors by detecting a flow of information that origi

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-09 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: Overall LGTM, I added some minor remarks in inline comments. Also note that with this change we can finally remove the note ``` The ``alpha.security.taint.TaintPropagation`` checker also needs to be enabled for this checker to give warnings. ``` from the

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-10 Thread Donát Nagy via cfe-commits
@@ -1122,10 +1131,20 @@ void GenericTaintChecker::taintUnsafeSocketProtocol(const CallEvent &Call, } /// Checker registration -void ento::registerGenericTaintChecker(CheckerManager &Mgr) { +void ento::registerTaintPropagationChecker(CheckerManager &Mgr) { Mgr.registerCheck

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-10 Thread Donát Nagy via cfe-commits
@@ -1122,10 +1131,20 @@ void GenericTaintChecker::taintUnsafeSocketProtocol(const CallEvent &Call, } /// Checker registration -void ento::registerGenericTaintChecker(CheckerManager &Mgr) { +void ento::registerTaintPropagationChecker(CheckerManager &Mgr) { Mgr.registerCheck

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-10 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM, thanks for the updates. @steakhal Is it OK for you if we merge this? https://github.com/llvm/llvm-project/pull/98157

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-10 Thread Donát Nagy via cfe-commits
NagyDonat wrote: (By the way, this change doesn't have significant user-facing parts, so I don't think that we need to mention it in the release notes.) https://github.com/llvm/llvm-project/pull/98157

[clang] [analyzer] Splitting TaintPropagation checker into reporting and mode… (PR #98157)

2024-07-10 Thread Donát Nagy via cfe-commits
@@ -1046,10 +1044,7 @@ bool GenericTaintChecker::generateReportIfTainted(const Expr *E, StringRef Msg, return false; // Generate diagnostic. NagyDonat wrote: :thinking: Perhaps add an `assert(BT)` here for the sake of paranoia? https://github.com/llvm

[clang] [analyzer] Don't display the offset value in underflows (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/98621 Previously alpha.security.ArrayBoundV2 displayed the (negative) offset value when it reported an underflow, but this produced lots of very similar and redundant reports in certain situations. After this commi

[clang] [analyzer] Don't display the offset value in underflows (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
@@ -609,7 +610,7 @@ void ArrayBoundCheckerV2::performCheck(const Expr *E, CheckerContext &C) const { // CHECK UPPER BOUND DefinedOrUnknownSVal Size = getDynamicExtent(State, Reg, SVB); if (auto KnownSize = Size.getAs()) { -// In a situation where both overflow and ov

[clang] [analyzer] Don't display the offset value in underflows (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/98621 From 2765bc97d3242d50fd73aedb9e9d38dfdcef814c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Fri, 12 Jul 2024 13:57:53 +0200 Subject: [PATCH 1/2] [analyzer] Don't display the offset value in

[clang] [analyzer] Don't display the offset value in underflows (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
NagyDonat wrote: > I wonder if we could have something in between. I'm thinking of having the > concrete offset as a separate note, instead of having it part of the primary > message. That way after BR selection, we would still deterministically pick > the shortest path, and also have the offs

[clang] [analyzer] Don't display the offset value in underflows (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
NagyDonat wrote: _(Technical detail: I'll be on vacation during the next week, so I won't see updates on this PR until the 22nd of July. If you want to merge this PR, feel free to do so, but don't forget to adjust the description and the title to accurately reflect the current state of the PR.

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
@@ -373,14 +373,14 @@ static std::optional getConcreteValue(std::optional SV) { } static Messages getPrecedesMsgs(const SubRegion *Region, NonLoc Offset) { - std::string RegName = getRegionName(Region); - SmallString<128> Buf; - llvm::raw_svector_ostream Out(Buf); - Out <

[clang] [analyzer] Improve bug report hashing, merge similar reports (PR #98621)

2024-07-12 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/98621

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-05-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/68607

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-05-02 Thread Donát Nagy via cfe-commits
@@ -53,34 +54,32 @@ void taintDiagnosticVLA(void) { // Tests if the originated note is correctly placed even if the path is // propagating through variables and expressions -char *taintDiagnosticPropagation(){ - char *pathbuf; - char *size=getenv("SIZE"); // expected-note {{

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-05-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat approved this pull request. LGTM with a few minor changes. https://github.com/llvm/llvm-project/pull/68607

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-05-02 Thread Donát Nagy via cfe-commits
@@ -95,22 +94,23 @@ void testReadStdIn(){ } void multipleTaintSources(void) { - int x,y,z; - scanf("%d", &x); // expected-note {{Taint originated here}} + char cmd[2048], file[1024]; + scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

2024-05-02 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/68607 From 143db26ffe8620c2b45eb15d331466c883bbfce0 Mon Sep 17 00:00:00 2001 From: Daniel Krupp Date: Mon, 9 Oct 2023 16:52:13 +0200 Subject: [PATCH 1/8] [analyzer] Removing untrusted buffer size taint warning alpha

[clang] [analyzer] Use explicit call description mode in more checkers (PR #90974)

2024-05-03 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/90974 This commit explicitly specifies the matching mode (C library function, any non-method function, or C++ method) for the `CallDescription`s constructed in various checkers. Some code was simplified to use `Cal

[clang] [analyzer] Clean up apiModeling.llvm.ReturnValue (PR #91231)

2024-05-06 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/91231 This commit heavily refactors and simplifies the small and trivial checker `apiModeling.llvm.ReturnValue`, which is responsible for modeling the peculiar coding convention that in the LLVM/Clang codebase certa

[clang] [analyzer] Clean up apiModeling.llvm.ReturnValue (PR #91231)

2024-05-07 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat closed https://github.com/llvm/llvm-project/pull/91231

[clang] [analyzer] Use explicit call description mode in more checkers (PR #90974)

2024-05-07 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/90974 From 9ed06c41127c88b3e2e8596ddd83b42ab2856f61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Fri, 3 May 2024 16:13:19 +0200 Subject: [PATCH 1/2] [analyzer] Use explicit call description mode

[clang] [analyzer] Use explicit call description mode in more checkers (PR #90974)

2024-05-07 Thread Donát Nagy via cfe-commits
@@ -149,26 +149,34 @@ class BlockInCriticalSectionChecker : public Checker { private: const std::array MutexDescriptors{ MemberMutexDescriptor( - CallDescription(/*QualifiedName=*/{"std", "mutex", "lock"}, + CallDescription(/*MatchAs=*/CDM::CXXMethod,

[clang] [analyzer] Use explicit call description mode in more checkers (PR #90974)

2024-05-07 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/90974 From 9ed06c41127c88b3e2e8596ddd83b42ab2856f61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Fri, 3 May 2024 16:13:19 +0200 Subject: [PATCH 1/3] [analyzer] Use explicit call description mode

[clang] [analyzer] Use explicit call description mode in more checkers (PR #90974)

2024-05-07 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat closed https://github.com/llvm/llvm-project/pull/90974

[clang] [analyzer] Use explicit call description mode in MIGChecker (PR #91331)

2024-05-07 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/91331 This commit explicitly specifies the matching mode (C library function, any non-method function, or C++ method) for the `CallDescription`s constructed in the checker `osx.MIG`. The code was simplified to use

[clang] [analyzer] Use explicit call description mode in MIGChecker (PR #91331)

2024-05-07 Thread Donát Nagy via cfe-commits
@@ -87,7 +90,7 @@ class MIGChecker : public Checker, #undef CALL }; - CallDescription OsRefRetain{{"os_ref_retain"}, 1}; + CallDescription OsRefRetain{CDM::SimpleFunc, {"os_ref_retain"}, 1}; NagyDonat wrote: `CDM::SimpleFunc` is used instead of `CDM::CLib

[clang] [analyzer] Use explicit call description mode in MIGChecker (PR #91331)

2024-05-07 Thread Donát Nagy via cfe-commits
@@ -46,13 +46,13 @@ class MIGChecker : public Checker, // additionally an argument of a MIG routine, the checker keeps track of that // information and issues a warning when an error is returned from the // respective routine. - std::vector> Deallocators = { + CallDescr

[clang] [analyzer] Use explicit call description mode in MIGChecker (PR #91331)

2024-05-07 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/91331

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: It's good to see that this checker is finished. I added several inline comments, but they are not serious issues -- most are connected to `CallDescription`s where I'm now very familiar with the available options (and I refactored the code, so others are

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/91445

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,170 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder -verify %s + +#include "Inputs/system-header-simulator-setgid-setuid.h" + +void correct_order() { + if (setgid(getgid()) == -1) +return; + if (setuid(getuid()) == -1) +return

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,170 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder -verify %s + +#include "Inputs/system-header-simulator-setgid-setuid.h" + +void correct_order() { + if (setgid(getgid()) == -1) +return; + if (setuid(getuid()) == -1) +return

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-08 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/91445

[clang] [analyzer] Use explicit call description mode in MIGChecker (PR #91331)

2024-05-08 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat closed https://github.com/llvm/llvm-project/pull/91331

[clang] [analyzer] Refactor recognition of the errno getter functions (PR #91531)

2024-05-08 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/91531 There are many environments where `errno` is a macro that expands to something like `(*__errno())` (different standard library implementations use different names instead of "__errno"). In these environments

[clang] [analyzer] Clean up list of taint propagation functions (PR #91635)

2024-05-09 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/91635 This commit refactors GenericTaintChecker and performs various improvements in the list of taint propagation functions: 1. The matching mode (usually `CDM::CLibrary` or `CDM::CLibraryMaybeHardened`) was speci

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-10 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/91445

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-10 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/91445

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-10 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat edited https://github.com/llvm/llvm-project/pull/91445

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-10 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,196 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-10 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat commented: You forgot to add `CDM::CLibrary` in the definition of `SetuidDesc` and `SetgidDesc` (see the new inline comment). There are also several inline comments from my previous review where I'm expecting an answer (not necessarily a code change -- in each case

[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)

2024-05-10 Thread Donát Nagy via cfe-commits
@@ -0,0 +1,197 @@ +//===-- SetgidSetuidOrderChecker.cpp - check privilege revocation calls ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Ap

[clang] [analyzer] Refactor recognition of the errno getter functions (PR #91531)

2024-05-10 Thread Donát Nagy via cfe-commits
https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/91531 From 07dc4dd5c60c8a04637cce686b379e195deb5b67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= Date: Wed, 8 May 2024 20:01:57 +0200 Subject: [PATCH 1/2] [analyzer] Refactor recognition of the errno

[clang] [analyzer] Refactor recognition of the errno getter functions (PR #91531)

2024-05-10 Thread Donát Nagy via cfe-commits
@@ -39,10 +39,15 @@ namespace { // Name of the "errno" variable. // FIXME: Is there a system where it is not called "errno" but is a variable? const char *ErrnoVarName = "errno"; + // Names of functions that return a location of the "errno" value. // FIXME: Are there other si

[clang] [analyzer] Refactor recognition of the errno getter functions (PR #91531)

2024-05-10 Thread Donát Nagy via cfe-commits
@@ -54,16 +59,10 @@ class ErrnoModeling void checkLiveSymbols(ProgramStateRef State, SymbolReaper &SR) const; bool evalCall(const CallEvent &Call, CheckerContext &C) const; - // The declaration of an "errno" variable or "errno location" function. - mutable const Decl *Er
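Review bot: the comment removed at the end of the visible part of this hunk ("The declaration of an "errno" variable or "errno location" function") was the only place in the class that said a single `Decl` could stand for either form of errno. With the `mutable const Decl *` member gone, whatever replaces it should carry an equivalent comment stating which of the two forms it recognizes, so the distinction is not lost along with the cached state.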

[clang] [analyzer] Refactor recognition of the errno getter functions (PR #91531)

2024-05-10 Thread Donát Nagy via cfe-commits
NagyDonat wrote: Thanks for the review, I updated my commit! https://github.com/llvm/llvm-project/pull/91531

[clang] [analyzer] Refactor recognition of the errno getter functions (PR #91531)

2024-05-10 Thread Donát Nagy via cfe-commits
@@ -71,12 +71,9 @@ ProgramStateRef setErrnoState(ProgramStateRef State, ErrnoCheckState EState); /// Clear state of errno (make it irrelevant). ProgramStateRef clearErrnoState(ProgramStateRef State); -/// Determine if a `Decl` node related to 'errno'. -/// This is true if the
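Review bot: the documented declaration dropped after `clearErrnoState` ("Determine if a `Decl` node related to 'errno'") sits among the functions this header exposes to other checkers, and the visible lines show no replacement for it. Please confirm that every remaining caller is migrated in this same patch, and mention the removal in the commit message so out-of-tree users of the header know what to switch to.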
