This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.
Closed by commit rG2b6160ea3f9a: [analyzer] MmapWriteExecChecker: use getAs
instead of castAs (authored by dingfei <fd...@feysh.com>).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D158953/new/
https://reviews.llvm.org/D158953
Files:
clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
clang/test/Analysis/mmap-writeexec.c
Index: clang/test/Analysis/mmap-writeexec.c
===================================================================
--- clang/test/Analysis/mmap-writeexec.c
+++ clang/test/Analysis/mmap-writeexec.c
@@ -42,3 +42,9 @@
int m = mprotect(p, 1024, PROT_WRITE | PROT_EXEC); // expected-warning{{Both
PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory
regions, which could be overwritten with malicious code}}
(void)m;
}
+
+// gh62285: no crash on non concrete arg 'prot'
+void *gh62285(void *addr, int prot)
+{
+ return mmap(addr, 1, prot, 1, 1, 1);
+}
Index: clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
@@ -48,8 +48,10 @@
CheckerContext &C) const {
if (matchesAny(Call, MmapFn, MprotectFn)) {
SVal ProtVal = Call.getArgSVal(2);
- auto ProtLoc = ProtVal.castAs<nonloc::ConcreteInt>();
- int64_t Prot = ProtLoc.getValue().getSExtValue();
+ auto ProtLoc = ProtVal.getAs<nonloc::ConcreteInt>();
+ if (!ProtLoc)
+ return;
+ int64_t Prot = ProtLoc->getValue().getSExtValue();
if (ProtExecOv != ProtExec)
ProtExec = ProtExecOv;
if (ProtReadOv != ProtRead)
Index: clang/test/Analysis/mmap-writeexec.c
===================================================================
--- clang/test/Analysis/mmap-writeexec.c
+++ clang/test/Analysis/mmap-writeexec.c
@@ -42,3 +42,9 @@
int m = mprotect(p, 1024, PROT_WRITE | PROT_EXEC); // expected-warning{{Both PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory regions, which could be overwritten with malicious code}}
(void)m;
}
+
+// gh62285: no crash on non concrete arg 'prot'
+void *gh62285(void *addr, int prot)
+{
+ return mmap(addr, 1, prot, 1, 1, 1);
+}
Index: clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp
@@ -48,8 +48,10 @@
CheckerContext &C) const {
if (matchesAny(Call, MmapFn, MprotectFn)) {
SVal ProtVal = Call.getArgSVal(2);
- auto ProtLoc = ProtVal.castAs<nonloc::ConcreteInt>();
- int64_t Prot = ProtLoc.getValue().getSExtValue();
+ auto ProtLoc = ProtVal.getAs<nonloc::ConcreteInt>();
+ if (!ProtLoc)
+ return;
+ int64_t Prot = ProtLoc->getValue().getSExtValue();
if (ProtExecOv != ProtExec)
ProtExec = ProtExecOv;
if (ProtReadOv != ProtRead)
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
