[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-24 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 closed 
https://github.com/llvm/llvm-project/pull/71912
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits


[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-23 Thread Gábor Horváth via cfe-commits

https://github.com/Xazax-hun approved this pull request.


https://github.com/llvm/llvm-project/pull/71912


[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-23 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 updated 
https://github.com/llvm/llvm-project/pull/71912

From 248c94c3b8dd29fa9d98419e53f42454a2225544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= 
Date: Fri, 10 Nov 2023 10:08:58 +0100
Subject: [PATCH 1/3] [analyzer] Move security.cert.env.InvalidPtr out of alpha

Thanks to recent improvements in #67663, InvalidPtr checker does
not emit any false positives on the following OS projects:
memcached, tmux, curl, twin, vim, openssl, sqlite, ffmpeg, postgres,
tinyxml2, libwebm, xerces, bitcoin, protobuf, qtbase, contour, acid,
openrct2
---
 clang/docs/analyzer/checkers.rst  | 138 +-
 .../clang/StaticAnalyzer/Checkers/Checkers.td |  28 ++--
 clang/test/Analysis/analyzer-config.c |   2 +-
 clang/test/Analysis/cert/env31-c.c|  10 +-
 .../Analysis/cert/env34-c-cert-examples.c |  10 +-
 clang/test/Analysis/cert/env34-c.c|   4 +-
 clang/test/Analysis/invalid-ptr-checker.c |   8 +-
 7 files changed, 101 insertions(+), 99 deletions(-)

diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 40aa06724ccb75c..e922ee3c9f4e239 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
+
+.. code-block:: c
+
+  int main(int argc, const char *argv[], const char *envp[]) {
+if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+  // setenv call may invalidate 'envp'
+  /* Handle error */
+}
+if (envp != NULL) {
+  for (size_t i = 0; envp[i] != NULL; ++i) {
+puts(envp[i]);
+// envp may no longer point to the current environment
+// this program has unanticipated behavior, since envp
+// does not reflect changes made by setenv function.
+  }
+}
+return 0;
+  }
+
+  void previous_call_invalidation() {
+char *p, *pp;
+
+p = getenv("VAR");
+setenv("SOMEVAR", "VALUE", /*overwrite = */1);
+// call to 'setenv' may invalidate p
+
+*p;
+// dereferencing invalid pointer
+  }
+
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for the commonly
+used getenv implementations.
+
+To enable this option, use:
+``-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=true``.
+
+By default, this option is set to *false*.
+
+When this option is enabled, warnings will be generated for scenarios like the
+following:
+
+.. code-block:: c
+
+  char* p = getenv("VAR");
+  char* pp = getenv("VAR2"); // assumes this call can invalidate `env`
+  strlen(p); // warns about accessing invalid ptr
+
 .. _security-FloatLoopCounter:
 
 security.FloatLoopCounter (C)
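
Review bot: In the ENV34-C paragraph of the added `security.cert.env.InvalidPtr` section, `getenv` is listed among the functions whose subsequent call invalidates the previous pointer, yet the option text further down says that treating `getenv` as invalidating is off by default (`InvalidatingGetEnv` is *false*). Say in the ENV34-C paragraph that `getenv` is only handled this way when the option is enabled, so the released documentation matches the default behaviour. Two smaller points in the same hunk: `pp` is declared but never used in `previous_call_invalidation`, and the comment in the last example says the second call can invalidate `env` where the pointer at issue is `p`.
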
@@ -2549,75 +2618,6 @@ alpha.security.cert.env
 
 SEI CERT checkers of `Environment C coding rules 
`_.
 
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, 
environment pointer,
-"envp". When environment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
-
-.. code-block:: c
-
-  int main(int argc, const char *argv[], const char *envp[]) {
-if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
-  // setenv call may invalidate 'envp'
-  /* Handle error */
-}
-if (envp != NULL) {
-  for (size_t i = 0; envp[i] != NULL; ++i) {
-puts(envp[i]);
-// envp may no longer point to the current environment
-// this program 
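
Review bot: Removing the `alpha-security-cert-env-InvalidPtr` anchor and the `alpha.security.cert.env.InvalidPtr` heading changes the name users pass to `-analyzer-checker`, and the diffstat for this patch lists no release-notes file. Add a release note stating the old and new checker names so that existing invocations and links to the old anchor can be updated.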

[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-23 Thread Endre Fülöp via cfe-commits

gamesh411 wrote:

cleaned up the committer email, as it was pointing to an old address

https://github.com/llvm/llvm-project/pull/71912


[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-23 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 updated 
https://github.com/llvm/llvm-project/pull/71912

From 80c1f88244b22aaa4badb26384a971d19759b660 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= 
Date: Fri, 10 Nov 2023 10:08:58 +0100
Subject: [PATCH 1/3] [analyzer] Move security.cert.env.InvalidPtr out of alpha

Thanks to recent improvements in #67663, InvalidPtr checker does
not emit any false positives on the following OS projects:
memcached, tmux, curl, twin, vim, openssl, sqlite, ffmpeg, postgres,
tinyxml2, libwebm, xerces, bitcoin, protobuf, qtbase, contour, acid,
openrct2
---
 clang/docs/analyzer/checkers.rst  | 138 +-
 .../clang/StaticAnalyzer/Checkers/Checkers.td |  28 ++--
 clang/test/Analysis/analyzer-config.c |   2 +-
 clang/test/Analysis/cert/env31-c.c|  10 +-
 .../Analysis/cert/env34-c-cert-examples.c |  10 +-
 clang/test/Analysis/cert/env34-c.c|   4 +-
 clang/test/Analysis/invalid-ptr-checker.c |   8 +-
 7 files changed, 101 insertions(+), 99 deletions(-)

diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 40aa06724ccb75c..e922ee3c9f4e239 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
+
+.. code-block:: c
+
+  int main(int argc, const char *argv[], const char *envp[]) {
+if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+  // setenv call may invalidate 'envp'
+  /* Handle error */
+}
+if (envp != NULL) {
+  for (size_t i = 0; envp[i] != NULL; ++i) {
+puts(envp[i]);
+// envp may no longer point to the current environment
+// this program has unanticipated behavior, since envp
+// does not reflect changes made by setenv function.
+  }
+}
+return 0;
+  }
+
+  void previous_call_invalidation() {
+char *p, *pp;
+
+p = getenv("VAR");
+setenv("SOMEVAR", "VALUE", /*overwrite = */1);
+// call to 'setenv' may invalidate p
+
+*p;
+// dereferencing invalid pointer
+  }
+
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for the commonly
+used getenv implementations.
+
+To enable this option, use:
+``-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=true``.
+
+By default, this option is set to *false*.
+
+When this option is enabled, warnings will be generated for scenarios like the
+following:
+
+.. code-block:: c
+
+  char* p = getenv("VAR");
+  char* pp = getenv("VAR2"); // assumes this call can invalidate `env`
+  strlen(p); // warns about accessing invalid ptr
+
 .. _security-FloatLoopCounter:
 
 security.FloatLoopCounter (C)
@@ -2549,75 +2618,6 @@ alpha.security.cert.env
 
 SEI CERT checkers of `Environment C coding rules 
`_.
 
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, 
environment pointer,
-"envp". When environment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
-
-.. code-block:: c
-
-  int main(int argc, const char *argv[], const char *envp[]) {
-if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
-  // setenv call may invalidate 'envp'
-  /* Handle error */
-}
-if (envp != NULL) {
-  for (size_t i = 0; envp[i] != NULL; ++i) {
-puts(envp[i]);
-// envp may no longer point to the current environment
-// this program 

[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-23 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 updated 
https://github.com/llvm/llvm-project/pull/71912

From 977e421008c1247d54f4cb67967ed2a353935c03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= 
Date: Fri, 10 Nov 2023 10:08:58 +0100
Subject: [PATCH 1/3] [analyzer] Move security.cert.env.InvalidPtr out of alpha

Thanks to recent improvements in #67663, InvalidPtr checker does
not emit any false positives on the following OS projects:
memcached, tmux, curl, twin, vim, openssl, sqlite, ffmpeg, postgres,
tinyxml2, libwebm, xerces, bitcoin, protobuf, qtbase, contour, acid,
openrct2
---
 clang/docs/analyzer/checkers.rst  | 138 +-
 .../clang/StaticAnalyzer/Checkers/Checkers.td |  28 ++--
 clang/test/Analysis/analyzer-config.c |   2 +-
 clang/test/Analysis/cert/env31-c.c|  10 +-
 .../Analysis/cert/env34-c-cert-examples.c |  10 +-
 clang/test/Analysis/cert/env34-c.c|   4 +-
 clang/test/Analysis/invalid-ptr-checker.c |   8 +-
 7 files changed, 101 insertions(+), 99 deletions(-)

diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 40aa06724ccb75c..e922ee3c9f4e239 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
+
+.. code-block:: c
+
+  int main(int argc, const char *argv[], const char *envp[]) {
+if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+  // setenv call may invalidate 'envp'
+  /* Handle error */
+}
+if (envp != NULL) {
+  for (size_t i = 0; envp[i] != NULL; ++i) {
+puts(envp[i]);
+// envp may no longer point to the current environment
+// this program has unanticipated behavior, since envp
+// does not reflect changes made by setenv function.
+  }
+}
+return 0;
+  }
+
+  void previous_call_invalidation() {
+char *p, *pp;
+
+p = getenv("VAR");
+setenv("SOMEVAR", "VALUE", /*overwrite = */1);
+// call to 'setenv' may invalidate p
+
+*p;
+// dereferencing invalid pointer
+  }
+
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for the commonly
+used getenv implementations.
+
+To enable this option, use:
+``-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=true``.
+
+By default, this option is set to *false*.
+
+When this option is enabled, warnings will be generated for scenarios like the
+following:
+
+.. code-block:: c
+
+  char* p = getenv("VAR");
+  char* pp = getenv("VAR2"); // assumes this call can invalidate `env`
+  strlen(p); // warns about accessing invalid ptr
+
 .. _security-FloatLoopCounter:
 
 security.FloatLoopCounter (C)
@@ -2549,75 +2618,6 @@ alpha.security.cert.env
 
 SEI CERT checkers of `Environment C coding rules 
`_.
 
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, 
environment pointer,
-"envp". When environment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
-
-.. code-block:: c
-
-  int main(int argc, const char *argv[], const char *envp[]) {
-if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
-  // setenv call may invalidate 'envp'
-  /* Handle error */
-}
-if (envp != NULL) {
-  for (size_t i = 0; envp[i] != NULL; ++i) {
-puts(envp[i]);
-// envp may no longer point to the current environment
-// this program 

[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-22 Thread Endre Fülöp via cfe-commits


@@ -1009,11 +1002,20 @@ let ParentPackage = ENV in {
   "standard), which can lead to false positives depending on "
   "implementation.",
   "false",
-  InAlpha>,
+  Released>,
   ]>,
   Documentation;
 
-} // end "alpha.cert.env"
+} // end "security.cert.env"
+
+let ParentPackage = POSAlpha in {
+
+  def PutenvWithAuto : Checker<"34c">,
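
Review bot: The added `let ParentPackage = POSAlpha in {` block makes `PutenvWithAuto` look like a new checker in a patch titled as a move out of alpha, and nothing in the hunk says that only the package definition was renamed. A one-line comment above the `let`, or a sentence in the commit message, stating that `POSAlpha` is the renamed alpha package and that the checker itself is unchanged would make this reviewable from the diff alone.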

gamesh411 wrote:

The POS package was by default in the alpha hierarchy, and there was no POS 
package for non-alpha. For consistent naming, I have renamed the old one to 
POSAlpha and introduced a new one with the old name POS. This is why the diff 
is confusing.

https://github.com/llvm/llvm-project/pull/71912


[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-22 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 updated 
https://github.com/llvm/llvm-project/pull/71912

From 977e421008c1247d54f4cb67967ed2a353935c03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= 
Date: Fri, 10 Nov 2023 10:08:58 +0100
Subject: [PATCH 1/2] [analyzer] Move security.cert.env.InvalidPtr out of alpha

Thanks to recent improvements in #67663, InvalidPtr checker does
not emit any false positives on the following OS projects:
memcached, tmux, curl, twin, vim, openssl, sqlite, ffmpeg, postgres,
tinyxml2, libwebm, xerces, bitcoin, protobuf, qtbase, contour, acid,
openrct2
---
 clang/docs/analyzer/checkers.rst  | 138 +-
 .../clang/StaticAnalyzer/Checkers/Checkers.td |  28 ++--
 clang/test/Analysis/analyzer-config.c |   2 +-
 clang/test/Analysis/cert/env31-c.c|  10 +-
 .../Analysis/cert/env34-c-cert-examples.c |  10 +-
 clang/test/Analysis/cert/env34-c.c|   4 +-
 clang/test/Analysis/invalid-ptr-checker.c |   8 +-
 7 files changed, 101 insertions(+), 99 deletions(-)

diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 40aa06724ccb75c..e922ee3c9f4e239 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
+
+.. code-block:: c
+
+  int main(int argc, const char *argv[], const char *envp[]) {
+if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+  // setenv call may invalidate 'envp'
+  /* Handle error */
+}
+if (envp != NULL) {
+  for (size_t i = 0; envp[i] != NULL; ++i) {
+puts(envp[i]);
+// envp may no longer point to the current environment
+// this program has unanticipated behavior, since envp
+// does not reflect changes made by setenv function.
+  }
+}
+return 0;
+  }
+
+  void previous_call_invalidation() {
+char *p, *pp;
+
+p = getenv("VAR");
+setenv("SOMEVAR", "VALUE", /*overwrite = */1);
+// call to 'setenv' may invalidate p
+
+*p;
+// dereferencing invalid pointer
+  }
+
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for the commonly
+used getenv implementations.
+
+To enable this option, use:
+``-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=true``.
+
+By default, this option is set to *false*.
+
+When this option is enabled, warnings will be generated for scenarios like the
+following:
+
+.. code-block:: c
+
+  char* p = getenv("VAR");
+  char* pp = getenv("VAR2"); // assumes this call can invalidate `env`
+  strlen(p); // warns about accessing invalid ptr
+
 .. _security-FloatLoopCounter:
 
 security.FloatLoopCounter (C)
@@ -2549,75 +2618,6 @@ alpha.security.cert.env
 
 SEI CERT checkers of `Environment C coding rules 
`_.
 
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, 
environment pointer,
-"envp". When environment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
-
-.. code-block:: c
-
-  int main(int argc, const char *argv[], const char *envp[]) {
-if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
-  // setenv call may invalidate 'envp'
-  /* Handle error */
-}
-if (envp != NULL) {
-  for (size_t i = 0; envp[i] != NULL; ++i) {
-puts(envp[i]);
-// envp may no longer point to the current environment
-// this program 

[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-13 Thread via cfe-commits

whisperity wrote:

Why is the `clang:dataflow` label on this patch? I don't see where dataflow is 
used. Or is it used plain internally inside the otherwise unmodified checker?

https://github.com/llvm/llvm-project/pull/71912


[clang] [clang][analyzer] Move `security.cert.env.InvalidPtr` out of `alpha` (PR #71912)

2023-11-13 Thread via cfe-commits

https://github.com/whisperity edited 
https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-13 Thread via cfe-commits


@@ -1,25 +1,25 @@
 // RUN: %clang_analyze_cc1 -analyzer-output=text -Wno-unused %s \
-// RUN:   -analyzer-checker=core,alpha.security.cert.env.InvalidPtr \
+// RUN:   -analyzer-checker=core,security.cert.env.InvalidPtr \

whisperity wrote:

Style nit: format `\` to be in the rightmost column as in the neighbouring code.

(This applies to multiple locations in the file.)

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-13 Thread via cfe-commits


@@ -1009,11 +1002,20 @@ let ParentPackage = ENV in {
   "standard), which can lead to false positives depending on "
   "implementation.",
   "false",
-  InAlpha>,
+  Released>,
   ]>,
   Documentation;
 
-} // end "alpha.cert.env"
+} // end "security.cert.env"
+
+let ParentPackage = POSAlpha in {
+
+  def PutenvWithAuto : Checker<"34c">,

whisperity wrote:

There are no tests that exercise this checker, either.

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-13 Thread via cfe-commits


@@ -1009,11 +1002,20 @@ let ParentPackage = ENV in {
   "standard), which can lead to false positives depending on "
   "implementation.",
   "false",
-  InAlpha>,
+  Released>,
   ]>,
   Documentation;
 
-} // end "alpha.cert.env"
+} // end "security.cert.env"
+
+let ParentPackage = POSAlpha in {
+
+  def PutenvWithAuto : Checker<"34c">,

whisperity wrote:

What is moving out of `alpha.` here? This patch is adding some different 
checker to alpha. Where is the documentation for `alpha.cert.pos.34c`?

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-13 Thread via cfe-commits


@@ -1,18 +1,18 @@
 // Default options.
 // RUN: %clang_analyze_cc1 \
-// RUN:  -analyzer-checker=core,alpha.security.cert.env.InvalidPtr \
+// RUN:  -analyzer-checker=core,security.cert.env.InvalidPtr \

whisperity wrote:

`\`, ditto, in multiple locations in this file.

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-13 Thread via cfe-commits


@@ -1,12 +1,12 @@
 // RUN: %clang_analyze_cc1 \
-// RUN:  -analyzer-checker=alpha.security.cert.env.InvalidPtr \
-// RUN:  -analyzer-config 
alpha.security.cert.env.InvalidPtr:InvalidatingGetEnv=false \
+// RUN:  -analyzer-checker=security.cert.env.InvalidPtr \
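
Review bot: The two removed RUN lines include the explicit `InvalidatingGetEnv=false` setting, and the visible part of the hunk re-adds only the `-analyzer-checker` line. Keep an explicit `-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=false` line under the new name so the test pins the option instead of relying on the default.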

whisperity wrote:

`\`, ditto.

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-13 Thread via cfe-commits


@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror

whisperity wrote:

I know you only moved the source of the documentation here, but will these 
render nicely? Currently the "alpha" version looks like this:

![image](https://github.com/llvm/llvm-project/assets/1969470/f6f6bb10-3414-4812-9122-49979ee75e1f)

I'm mainly used to Tidy documentation, so take this with a generous pinch of 
salt, but... Perhaps we should ensure the function names are monospace, that 
the "header" for `ENV31-C` and `ENV34-C` are more highlighted. Maybe they can 
be parts of a bulleted list, even, instead of just two separate paragraphs?

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-10 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 edited 
https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-10 Thread via cfe-commits

https://github.com/DonatNagyE approved this pull request.

LGTM. The test results sound convincing and this is just a checker-rename 
commit that doesn't contain "actual" code changes that could've introduced bugs.

https://github.com/llvm/llvm-project/pull/71912


[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-10 Thread via cfe-commits

llvmbot wrote:




@llvm/pr-subscribers-clang-static-analyzer-1

Author: Endre Fülöp (gamesh411)


Changes

Thanks to recent improvements in #67663, InvalidPtr checker does not 
emit any false positives on the following OS projects: memcached, tmux, curl, 
twin, vim, openssl, sqlite, ffmpeg, postgres, tinyxml2, libwebm, xerces, 
bitcoin, protobuf, qtbase, contour, acid, openrct2.

---
Full diff: https://github.com/llvm/llvm-project/pull/71912.diff


7 Files Affected:

- (modified) clang/docs/analyzer/checkers.rst (+69-69) 
- (modified) clang/include/clang/StaticAnalyzer/Checkers/Checkers.td (+15-13) 
- (modified) clang/test/Analysis/analyzer-config.c (+1-1) 
- (modified) clang/test/Analysis/cert/env31-c.c (+5-5) 
- (modified) clang/test/Analysis/cert/env34-c-cert-examples.c (+5-5) 
- (modified) clang/test/Analysis/cert/env34-c.c (+2-2) 
- (modified) clang/test/Analysis/invalid-ptr-checker.c (+4-4) 


``diff
diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 43137f4b020f9f7..ff4559aa89d96a0 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
+
+.. code-block:: c
+
+  int main(int argc, const char *argv[], const char *envp[]) {
+if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+  // setenv call may invalidate 'envp'
+  /* Handle error */
+}
+if (envp != NULL) {
+  for (size_t i = 0; envp[i] != NULL; ++i) {
+puts(envp[i]);
+// envp may no longer point to the current environment
+// this program has unanticipated behavior, since envp
+// does not reflect changes made by setenv function.
+  }
+}
+return 0;
+  }
+
+  void previous_call_invalidation() {
+char *p, *pp;
+
+p = getenv("VAR");
+setenv("SOMEVAR", "VALUE", /*overwrite = */1);
+// call to 'setenv' may invalidate p
+
+*p;
+// dereferencing invalid pointer
+  }
+
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for the commonly
+used getenv implementations.
+
+To enable this option, use:
+``-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=true``.
+
+By default, this option is set to *false*.
+
+When this option is enabled, warnings will be generated for scenarios like the
+following:
+
+.. code-block:: c
+
+  char* p = getenv("VAR");
+  char* pp = getenv("VAR2"); // assumes this call can invalidate `env`
+  strlen(p); // warns about accessing invalid ptr
+
 .. _security-FloatLoopCounter:
 
 security.FloatLoopCounter (C)
@@ -2479,75 +2548,6 @@ alpha.security.cert.env
 
 SEI CERT checkers of `Environment C coding rules 
`_.
 
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, 
environment pointer,
-"envp". When environment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
-
-.. code-block:: c
-
-  int main(int argc, const char *argv[], const char *envp[]) {
-if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
-  // setenv call may invalidate 'envp'
-  /* Handle error */
-}
-if (envp != NULL) {
-  for (size_t i = 0; envp[i] != NULL; ++i) {
-puts(envp[i]);
-// envp may no longer point to the current environment
-// this program has unanticipated behavior, since envp
-// does not reflect changes made by setenv function.
-  }
-}
-return 
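Review bot: The hunk header and leading context keep the `alpha.security.cert.env` section and its "SEI CERT checkers of Environment C coding rules" intro, while the entry deleted right under them is the only one visible here. If no other checker remains in that section, remove the heading and intro in the same patch, or move the intro sentence with its CERT link next to the new `security.cert.env.InvalidPtr` entry so the reference is not left under an empty section.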

[clang] [analyzer] Move security.cert.env.InvalidPtr out of alpha (PR #71912)

2023-11-10 Thread Endre Fülöp via cfe-commits

https://github.com/gamesh411 created 
https://github.com/llvm/llvm-project/pull/71912

Thanks to recent improvements in #67663, InvalidPtr checker does not emit any 
false positives on the following OS projects: memcached, tmux, curl, twin, vim, 
openssl, sqlite, ffmpeg, postgres, tinyxml2, libwebm, xerces, bitcoin, 
protobuf, qtbase, contour, acid, openrct2.

From 2d94271affd27c5ebf1073a9effbe6c7815f5c01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= 
Date: Fri, 10 Nov 2023 10:08:58 +0100
Subject: [PATCH] [analyzer] Move security.cert.env.InvalidPtr out of alpha

Thanks to recent improvements in #67663, InvalidPtr checker does
not emit any false positives on the following OS projects:
memcached, tmux, curl, twin, vim, openssl, sqlite, ffmpeg, postgres,
tinyxml2, libwebm, xerces, bitcoin, protobuf, qtbase, contour, acid,
openrct2
---
 clang/docs/analyzer/checkers.rst  | 138 +-
 .../clang/StaticAnalyzer/Checkers/Checkers.td |  28 ++--
 clang/test/Analysis/analyzer-config.c |   2 +-
 clang/test/Analysis/cert/env31-c.c|  10 +-
 .../Analysis/cert/env34-c-cert-examples.c |  10 +-
 clang/test/Analysis/cert/env34-c.c|   4 +-
 clang/test/Analysis/invalid-ptr-checker.c |   8 +-
 7 files changed, 101 insertions(+), 99 deletions(-)

diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index 43137f4b020f9f7..ff4559aa89d96a0 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -755,6 +755,75 @@ security
 
 Security related checkers.
 
+.. _security-cert-env-InvalidPtr:
+
+security.cert.env.InvalidPtr
+""
+
+Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
+
+ENV31-C:
+Rule is about the possible problem with `main` function's third argument, 
environment pointer,
+"envp". When environment array is modified using some modification function
+such as putenv, setenv or others, It may happen that memory is reallocated,
+however "envp" is not updated to reflect the changes and points to old memory
+region.
+
+ENV34-C:
+Some functions return a pointer to a statically allocated buffer.
+Consequently, subsequent call of these functions will invalidate previous
+pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
+
+.. code-block:: c
+
+  int main(int argc, const char *argv[], const char *envp[]) {
+if (setenv("MY_NEW_VAR", "new_value", 1) != 0) {
+  // setenv call may invalidate 'envp'
+  /* Handle error */
+}
+if (envp != NULL) {
+  for (size_t i = 0; envp[i] != NULL; ++i) {
+puts(envp[i]);
+// envp may no longer point to the current environment
+// this program has unanticipated behavior, since envp
+// does not reflect changes made by setenv function.
+  }
+}
+return 0;
+  }
+
+  void previous_call_invalidation() {
+char *p, *pp;
+
+p = getenv("VAR");
+setenv("SOMEVAR", "VALUE", /*overwrite = */1);
+// call to 'setenv' may invalidate p
+
+*p;
+// dereferencing invalid pointer
+  }
+
+
+The ``InvalidatingGetEnv`` option is available for treating getenv calls as
+invalidating. When enabled, the checker issues a warning if getenv is called
+multiple times and their results are used without first creating a copy.
+This level of strictness might be considered overly pedantic for the commonly
+used getenv implementations.
+
+To enable this option, use:
+``-analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=true``.
+
+By default, this option is set to *false*.
+
+When this option is enabled, warnings will be generated for scenarios like the
+following:
+
+.. code-block:: c
+
+  char* p = getenv("VAR");
+  char* pp = getenv("VAR2"); // assumes this call can invalidate `env`
+  strlen(p); // warns about accessing invalid ptr
+
 .. _security-FloatLoopCounter:
 
 security.FloatLoopCounter (C)
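Review bot: The ENV31-C and ENV34-C paragraphs are carried over from the alpha section word for word, including the mid-sentence capital in "or others, It may happen", the article-less "Rule is about the possible problem", and the function list that ends at `strerror` with no full stop. Since this text now documents a non-alpha checker, this is a good point to clean it up. The code block also shows only the flagged patterns; a short counterpart that copies the `getenv` result before the next environment call would show readers what the checker accepts, which the `InvalidatingGetEnv` paragraph already hints at with "without first creating a copy".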
@@ -2479,75 +2548,6 @@ alpha.security.cert.env
 
 SEI CERT checkers of `Environment C coding rules 
`_.
 
-.. _alpha-security-cert-env-InvalidPtr:
-
-alpha.security.cert.env.InvalidPtr
-""
-
-Corresponds to SEI CERT Rules ENV31-C and ENV34-C.
-
-ENV31-C:
-Rule is about the possible problem with `main` function's third argument, 
environment pointer,
-"envp". When environment array is modified using some modification function
-such as putenv, setenv or others, It may happen that memory is reallocated,
-however "envp" is not updated to reflect the changes and points to old memory
-region.
-
-ENV34-C:
-Some functions return a pointer to a statically allocated buffer.
-Consequently, subsequent call of these functions will invalidate previous
-pointer. These functions include: getenv, localeconv, asctime, setlocale, 
strerror
-
-.. code-block:: c
-
-  int main(int argc, const char *argv[], const char *envp[]) {
-if (setenv("MY_NEW_VAR", "new_value", 1) !=
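Review bot: Deleting the `.. _alpha-security-cert-env-InvalidPtr:` label and the `alpha.security.cert.env.InvalidPtr` title renames a user-visible checker, yet the diffstat above lists only checkers.rst, Checkers.td and test files. Suggest adding a release-notes entry for the move to `security.cert.env.InvalidPtr`, since anyone enabling the checker by its alpha name will presumably have to switch to the new one, and checking that nothing else in the docs still links to the old label.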