Szelethus updated this revision to Diff 195617.
Szelethus retitled this revision from "[analyzer] Detect usages of unsafe I/O 
functions - Bug fixing" to "[analyzer] PR41185: Fix regression where 
__builtin_* functions weren't recognized".
Szelethus edited the summary of this revision.
Szelethus edited reviewers, added: baloghadamsoftware, alexfh; removed: 
zaks.anna.
Szelethus set the repository for this revision to rC Clang.
Szelethus edited projects, added clang; removed LLVM.
Szelethus added a comment.
Herald added subscribers: cfe-commits, kristina.

Implemented the fix I proposed in my earlier comment. While I was there, I 
prettified some of the other tests, and also made sure that the core package is 
enabled in their run lines.


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D59812/new/

https://reviews.llvm.org/D59812

Files:
  lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
  test/Analysis/security-syntax-checks-no-emit.c
  test/Analysis/security-syntax-checks.c
  test/Analysis/security-syntax-checks.m

Index: test/Analysis/security-syntax-checks.m
===================================================================
--- test/Analysis/security-syntax-checks.m
+++ test/Analysis/security-syntax-checks.m
@@ -1,11 +1,48 @@
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DUSE_BUILTINS -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DUSE_BUILTINS -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DUSE_BUILTINS -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DUSE_BUILTINS -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN:   -DUSE_BUILTINS \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN:   -DVARIANT \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN:   -DUSE_BUILTINS -DVARIANT \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN:   -DUSE_BUILTINS \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN:   -DVARIANT \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN:   -DUSE_BUILTINS -DVARIANT \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
 
 #ifdef USE_BUILTINS
 # define BUILTIN(f) __builtin_ ## f
@@ -165,7 +202,7 @@
 
 void test_strcpy() {
   char x[4];
-  char *y;
+  char *y = 0;
 
   strcpy(x, y); //expected-warning{{Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119}}
 }
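Review bot: `char *y = 0;` in test_strcpy appears to exist only so that the newly enabled `core` checkers do not report an uninitialized argument, and nothing in the test says so. The same applies to the initialisers added in test_strcat and in test_deprecated_or_unsafe_buffer_handling_1, _2 and _3. Taking the pointer as a parameter, as the new security-syntax-checks.c does with `char *c`, would avoid handing a literal null to `strcpy` and would need no explanation. If the locals stay, add a comment such as `// Initialized only to keep the core checkers quiet; the value is irrelevant to the syntax check.`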
@@ -204,7 +241,7 @@
 
 void test_strcat() {
   char x[4];
-  char *y;
+  char *y = 0;
 
   strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119}}
 }
@@ -274,8 +311,8 @@
 void test_deprecated_or_unsafe_buffer_handling_1() {
   char buf [5];
   wchar_t wbuf [5];
-  int a;
-  FILE *file;
+  int a = 0;
+  FILE *file = 0;
   sprintf(buf, "a"); // expected-warning{{Call to function 'sprintf' is insecure}}
   scanf("%d", &a); // expected-warning{{Call to function 'scanf' is insecure}}
   scanf("%s", buf); // expected-warning{{Call to function 'scanf' is insecure}}
@@ -300,7 +337,7 @@
 
 void test_deprecated_or_unsafe_buffer_handling_2(const char *format, ...) {
   char buf [5];
-  FILE *file;
+  FILE *file = 0;
   va_list args;
   va_start(args, format);
   vsprintf(buf, format, args); // expected-warning{{Call to function 'vsprintf' is insecure}}
@@ -312,7 +349,7 @@
 
 void test_deprecated_or_unsafe_buffer_handling_3(const wchar_t *format, ...) {
   wchar_t wbuf [5];
-  FILE *file;
+  FILE *file = 0;
   va_list args;
   va_start(args, format);
   vwscanf(format, args); // expected-warning{{Call to function 'vwscanf' is insecure}}
Index: test/Analysis/security-syntax-checks.c
===================================================================
--- /dev/null
+++ test/Analysis/security-syntax-checks.c
@@ -0,0 +1,9 @@
+// RUN: %clang_analyze_cc1 %s -verify \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI
+
+void builtin_function_call_crash_fixes(char *c) {
+  __builtin_strncpy(c, "", 6); // expected-warning{{Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard.}}
+  __builtin_memset(c, '\0', (0)); // expected-warning{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard.}}
+  __builtin_memcpy(c, c, 0); // expected-warning{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard.}}
+}
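Review bot: All three calls in builtin_function_call_crash_fixes expect the same "security checks introduced in the C11 standard" diagnostic, so the test never sends a `__builtin_` name through a group with a non-negative argument index, such as the `scanf` group visible in the CheckSecuritySyntaxOnly.cpp hunk. One call from such a group, for example `__builtin_sprintf`, would show that prefix stripping and the format-argument lookup work together; the exact expected diagnostic should be confirmed against the checker. The function also lacks a comment tying it to the bug; something like `// PR41185: __builtin_ variants must be recognized by security.insecureAPI.` would tell a later reader why these zero-length calls exist.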
Index: test/Analysis/security-syntax-checks-no-emit.c
===================================================================
--- test/Analysis/security-syntax-checks-no-emit.c
+++ test/Analysis/security-syntax-checks-no-emit.c
@@ -1,4 +1,8 @@
-// RUN: %clang_analyze_cc1 -triple i686-pc-linux-gnu -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
+// RUN: %clang_analyze_cc1 -triple i686-pc-linux-gnu %s -verify \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=security.insecureAPI \
+// RUN:   -analyzer-checker=security.FloatLoopCounter
+
 // expected-no-diagnostics
 
 // This file complements 'security-syntax-checks.m', but tests that we omit
Index: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -740,7 +740,11 @@
   // Issue a warning. ArgIndex == -1: Deprecated but not unsafe (has size
   // restrictions).
   enum { DEPR_ONLY = -1, UNKNOWN_CALL = -2 };
+
   StringRef Name = FD->getIdentifier()->getName();
+  if (Name.startswith("__builtin_"))
+    Name = Name.substr(10);
+
   int ArgIndex =
       llvm::StringSwitch<int>(Name)
           .Cases("scanf", "wscanf", "vscanf", "vwscanf", 0)
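Review bot: `Name.substr(10)` hard-codes the length of `"__builtin_"`, so the literal and the number can drift apart if either is edited. `Name.consume_front("__builtin_");` performs the test and the strip in one call and removes the constant. After stripping, fortified spellings such as `__builtin___memcpy_chk` become `__memcpy_chk`; the `StringSwitch` continues past the end of this hunk, so it is not visible here whether such a name reaches a safe default, and that case deserves a test. The context line also dereferences `FD->getIdentifier()` without a visible null check; the function starts outside the hunk, so this may already be guarded earlier.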