================
@@ -95,22 +94,23 @@ void testReadStdIn(){
 }
 void multipleTaintSources(void) {
- int x,y,z;
- scanf("%d", &x); // expected-note {{Taint originated here}}
+ char cmd[2048], file[1024];
+ scanf ("%1022[^\n] ", cmd); // expected-note {{Taint originated here}}
 // expected-note@-1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &y); // expected-note {{Taint originated here}}
+ scanf ("%1023[^\n]", file); // expected-note {{Taint originated here}}
 // expected-note@-1 {{Taint propagated to the 2nd argument}}
- scanf("%d", &z);
- int* ptr = (int*) malloc(y + x); // expected-warning {{Untrusted data is used to specify the buffer size}}
- // expected-note@-1{{Untrusted data is used to specify the buffer size}}
- free (ptr);
+ strcat(cmd, file);// expected-note {{Taint propagated to the 1st argument}}
+ system(cmd); // expected-warning {{Untrusted data is passed to a system call}}
+ // expected-note@-1{{Untrusted data is passed to a system call}}
 }
 void multipleTaintedArgs(void) {
- int x,y;
- scanf("%d %d", &x, &y); // expected-note {{Taint originated here}}
+ char cmd[1024], file[1024], buf[2048];
+ scanf("%1022s %1023s", cmd, file); // expected-note {{Taint originated here}}
 // expected-note@-1 {{Taint propagated to the 2nd argument, 3rd argument}}
- int* ptr = (int*) malloc(x + y); // expected-warning {{Untrusted data is used to specify the buffer size}}
- // expected-note@-1{{Untrusted data is used to specify the buffer size}}
- free (ptr);
+ strcpy(buf, cmd);// expected-note {{Taint propagated to the 1st argument}}
+ strcat(buf," ");// expected-note {{Taint propagated to the 1st argument}}
----------------
NagyDonat wrote:
```suggestion
strcat(buf, " ");// expected-note {{Taint propagated to the 1st argument}}
```
Just whitespace bikeshedding...

https://github.com/llvm/llvm-project/pull/68607
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits