mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-26 02:26:07 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/test/Analysis/invalid-ptr-checker.c
Endre Fülöp b98a594977
[clang][analyzer] Move security.cert.env.InvalidPtr out of alpha (#71912) 
Thanks to recent improvements in #67663, InvalidPtr checker does not
emit any false positives on the following OS projects: memcached, tmux,
curl, twin, vim, openssl, sqlite, ffmpeg, postgres, tinyxml2, libwebm,
xerces, bitcoin, protobuf, qtbase, contour, acid, openrct2. (Before the
changes mentioned above, there were 27 reports, catching the `getenv`
invalidates previous `getenv` results cases. That strict behaviour is
disabled by default)
2023-11-24 10:02:56 +01:00

64 lines
2.4 KiB
C
Raw Blame History

// RUN: %clang_analyze_cc1 \
// RUN: -analyzer-checker=security.cert.env.InvalidPtr \
// RUN: -analyzer-config security.cert.env.InvalidPtr:InvalidatingGetEnv=false \
// RUN: -analyzer-output=text -verify -Wno-unused %s
//
// RUN: %clang_analyze_cc1 \
// RUN: -analyzer-checker=security.cert.env.InvalidPtr \
// RUN: -analyzer-config \
// RUN: security.cert.env.InvalidPtr:InvalidatingGetEnv=true \
// RUN: -analyzer-output=text -verify=expected,pedantic -Wno-unused %s
#include "Inputs/system-header-simulator.h"
char *getenv(const char *name);
int setenv(const char *name, const char *value, int overwrite);
int strcmp(const char *, const char *);
int custom_env_handler(const char **envp);
void getenv_after_getenv(void) {
char *v1 = getenv("V1");
// pedantic-note@-1{{previous function call was here}}
char *v2 = getenv("V2");
// pedantic-note@-1{{'getenv' call may invalidate the result of the previous 'getenv'}}
strcmp(v1, v2);
// pedantic-warning@-1{{use of invalidated pointer 'v1' in a function call}}
// pedantic-note@-2{{use of invalidated pointer 'v1' in a function call}}
}
void setenv_after_getenv(void) {
char *v1 = getenv("VAR1");
setenv("VAR2", "...", 1);
// expected-note@-1{{'setenv' call may invalidate the environment returned by 'getenv'}}
strcmp(v1, "");
// expected-warning@-1{{use of invalidated pointer 'v1' in a function call}}
// expected-note@-2{{use of invalidated pointer 'v1' in a function call}}
}
int main(int argc, const char *argv[], const char *envp[]) {
setenv("VAR", "...", 0);
// expected-note@-1 2 {{'setenv' call may invalidate the environment parameter of 'main'}}
*envp;
// expected-warning@-1 2 {{dereferencing an invalid pointer}}
// expected-note@-2 2 {{dereferencing an invalid pointer}}
}
void multiple_invalidation_no_duplicate_notes(void) {
char *v1 = getenv("VAR1");
setenv("VAR2", "...", 1); // no note here
setenv("VAR3", "...", 1);
// expected-note@-1{{'setenv' call may invalidate the environment returned by 'getenv'}}
strcmp(v1, "");
// expected-warning@-1{{use of invalidated pointer 'v1' in a function call}}
// expected-note@-2{{use of invalidated pointer 'v1' in a function call}}
}
Reference in New Issue View Git Blame Copy Permalink