================
@@ -753,32 +756,16 @@ void GenericTaintChecker::initTaintRules(CheckerContext &C) const {
 {{{"execvp"}}, TR::Sink({{0, 1}}, MsgSanitizeSystemArgs)},
 {{{"execvpe"}}, TR::Sink({{0, 1, 2}}, MsgSanitizeSystemArgs)},
 {{{"dlopen"}}, TR::Sink({{0}}, MsgSanitizeSystemArgs)},
- {{CDF_MaybeBuiltin, {{"malloc"}}}, TR::Sink({{0}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"calloc"}}}, TR::Sink({{0}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"alloca"}}}, TR::Sink({{0}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"memccpy"}}},
- TR::Sink({{3}}, MsgTaintedBufferSize)},
- {{CDF_MaybeBuiltin, {{"realloc"}}},
- TR::Sink({{1}}, MsgTaintedBufferSize)},
+ // malloc, calloc, alloca, realloc, memccpy
+ // are intentionally left out as taint sinks
+ // because unconditional reporting for these functions
+ // generate many false positives.
+ // These taint sinks should be implemented in other checkers
+ // with more sophisticated sanitation heuristics.
 {{{{"setproctitle"}}}, TR::Sink({{0}, 1}, MsgUncontrolledFormatString)},
 {{{{"setproctitle_fast"}}}, TR::Sink({{0}, 1}, MsgUncontrolledFormatString)},
-
- // SinkProps
----------------
DonatNagyE wrote:
After removing these, the trivial helper function `GenericTaintRule::SinkProp()` became unused, so you should remove it as well. https://github.com/llvm/llvm-project/pull/68607 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits