================
@@ -95,22 +94,23 @@ void testReadStdIn(){
}
void multipleTaintSources(void) {
- int x,y,z;
- scanf("%d", &x); // expected-note {{Taint originated here}}
+ char cmd[2048], file[1024];
+ scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}
// expected-note@-1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &y); // expected-note {{Taint originated here}}
+ scanf ("%1023[^\n]", file); // expected-note {{Taint originated here}}
// expected-note@-1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &z);
- int* ptr = (int*) malloc(y + x); // expected-warning {{Untrusted data is
used to specify the buffer size}}
- // expected-note@-1{{Untrusted data is used
to specify the buffer size}}
- free (ptr);
+ strcat(cmd, file);// expected-note {{Taint propagated to the 1st argument}}
+ system(cmd); // expected-warning {{Untrusted data is passed to a system
call}}
+ // expected-note@-1{{Untrusted data is passed to a system call}}
}
void multipleTaintedArgs(void) {
- int x,y;
- scanf("%d %d", &x, &y); // expected-note {{Taint originated here}}
+ char cmd[1024], file[1024], buf[2048];
+ scanf("%1022s %1023s", cmd, file); // expected-note {{Taint originated here}}
// expected-note@-1 {{Taint propagated to the 2nd
argument, 3rd argument}}
- int* ptr = (int*) malloc(x + y); // expected-warning {{Untrusted data is
used to specify the buffer size}}
- // expected-note@-1{{Untrusted data is used
to specify the buffer size}}
- free (ptr);
+ strcpy(buf, cmd);// expected-note {{Taint propagated to the 1st argument}}
+ strcat(buf," ");// expected-note {{Taint propagated to the 1st argument}}
----------------
NagyDonat wrote:
```suggestion
strcat(buf, " ");// expected-note {{Taint propagated to the 1st argument}}
```
Just whitespace bikeshedding...
https://github.com/llvm/llvm-project/pull/68607
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
