Author: Balazs Benics Date: 2022-05-02T10:37:23+02:00 New Revision: 464c9833df8049793232bccb10fea84098499e4a
URL: https://github.com/llvm/llvm-project/commit/464c9833df8049793232bccb10fea84098499e4a DIFF: https://github.com/llvm/llvm-project/commit/464c9833df8049793232bccb10fea84098499e4a.diff LOG: [analyzer][docs] Document alpha.security.cert.pos.34c limitations Reviewed By: martong Differential Revision: https://reviews.llvm.org/D124659 Added: Modified: clang/docs/analyzer/checkers.rst Removed: ################################################################################ diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index 2f5336ae6a67f..4b0b53ca8da2b 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -2268,6 +2268,25 @@ Finds calls to the ``putenv`` function which pass a pointer to an automatic vari return putenv(env); // putenv function should not be called with auto variables } +Limitations: + + - Technically, one can pass automatic variables to ``putenv``, + but one needs to ensure that the given environment key stays + alive until it's removed or overwritten. + Since the analyzer cannot keep track of which envvars get overwritten + and when, it needs to be slightly more aggressive and warn for such + cases too, leading in some cases to false-positive reports like this: + + .. code-block:: c + + void baz() { + char env[] = "NAME=value"; + putenv(env); // false-positive warning: putenv function should not be called... + // More code... + putenv((char *)"NAME=anothervalue"); + // This putenv call overwrites the previous entry, thus that can no longer dangle. + } // 'env' array becomes dead only here. + alpha.security.cert.env ^^^^^^^^^^^^^^^^^^^^^^^ _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits