[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

via cfe-commits Mon, 09 Oct 2023 09:53:50 -0700

================
@@ -753,32 +756,16 @@ void GenericTaintChecker::initTaintRules(CheckerContext 
&C) const {
       {{{"execvp"}}, TR::Sink({{0, 1}}, MsgSanitizeSystemArgs)},
       {{{"execvpe"}}, TR::Sink({{0, 1, 2}}, MsgSanitizeSystemArgs)},
       {{{"dlopen"}}, TR::Sink({{0}}, MsgSanitizeSystemArgs)},
-      {{CDF_MaybeBuiltin, {{"malloc"}}}, TR::Sink({{0}}, 
MsgTaintedBufferSize)},
-      {{CDF_MaybeBuiltin, {{"calloc"}}}, TR::Sink({{0}}, 
MsgTaintedBufferSize)},
-      {{CDF_MaybeBuiltin, {{"alloca"}}}, TR::Sink({{0}}, 
MsgTaintedBufferSize)},
-      {{CDF_MaybeBuiltin, {{"memccpy"}}},
-       TR::Sink({{3}}, MsgTaintedBufferSize)},
-      {{CDF_MaybeBuiltin, {{"realloc"}}},
-       TR::Sink({{1}}, MsgTaintedBufferSize)},
+       // malloc, calloc, alloca, realloc, memccpy
+       // are intentionally left out as taint sinks
+       // because unconditional reporting for these functions
+       // generate many false positives.
+       // These taint sinks should be implemented in other checkers
+       // with more sophisticated sanitation heuristics.
----------------
DonatNagyE wrote:


This comment block has chaotic line breaks, wrap it to e.g. 80 characters / 
line (perhaps excluding the first line if you want to keep that list separate). 
Also note that "left out as taint sinks" is a bit unclear, I'd prefer "not 
marked as taint sinks" or something similar. 

https://github.com/llvm/llvm-project/pull/68607
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] Removing untrusted buffer size taint warning (PR #68607)

Reply via email to