================ 
@@ -94,23 +119,40 @@ REGISTER_MAP_WITH_PROGRAMSTATE(PreviousCallResultMap, const FunctionDecl *, void InvalidPtrChecker::EnvpInvalidatingCall(const CallEvent &Call, CheckerContext &C) const { StringRef FunctionName = Call.getCalleeIdentifier()->getName();
- ProgramStateRef State = C.getState();
- const MemRegion *SymbolicEnvPtrRegion = State->get<EnvPtrRegion>();
- if (!SymbolicEnvPtrRegion)
- return;
-
- State = State->add<InvalidMemoryRegions>(SymbolicEnvPtrRegion);
- const NoteTag *Note =
- C.getNoteTag([SymbolicEnvPtrRegion, FunctionName](
- PathSensitiveBugReport &BR, llvm::raw_ostream &Out) {
- if (!BR.isInteresting(SymbolicEnvPtrRegion))
- return;
- Out << '\'' << FunctionName
- << "' call may invalidate the environment parameter of 'main'";
- });
+ auto PlaceInvalidationNote = [&C, FunctionName](ProgramStateRef State,
+ const MemRegion *Region,
+ StringRef Message,
+ ExplodedNode *Pred) {
+ State = State->add<InvalidMemoryRegions>(Region);
+
+ // Make copy of string data for the time when notes are *actually* created.
+ const NoteTag *Note =
+ C.getNoteTag([Region, FunctionName = std::string{FunctionName},
+ Message = std::string{Message}](
+ PathSensitiveBugReport &BR, llvm::raw_ostream &Out) {
+ if (!BR.isInteresting(Region) ||
+ &BR.getBugType() != InvalidPtrBugType)
+ return;
+ Out << '\'' << FunctionName << "' " << Message;
+ BR.markNotInteresting(Region);
+ });
+ return C.addTransition(State, Pred, Note);
+ };
- C.addTransition(State, Note);
+ ProgramStateRef State = C.getState();
+ ExplodedNode *CurrentChainEnd = C.getPredecessor();
+
+ if (const MemRegion *MainEnvPtr = State->get<MainEnvPtrRegion>())
+ CurrentChainEnd = PlaceInvalidationNote(
+ State, MainEnvPtr,
+ "call may invalidate the environment parameter of 'main'",
+ CurrentChainEnd);
+
+ for (const MemRegion *EnvPtr : State->get<GetenvEnvPtrRegions>())
+ CurrentChainEnd = PlaceInvalidationNote(
+ State, EnvPtr, "call may invalidate the environment returned by getenv",
+ CurrentChainEnd);
---------------- gamesh411 wrote:
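Review bot: `PlaceInvalidationNote` takes `ProgramStateRef State` by value, so the `State->add<InvalidMemoryRegions>(Region)` inside it never reaches the outer `State` that the `MainEnvPtr` call and the `getenv` loop keep passing in. As far as the visible lines show, each chained transition therefore carries the original state plus only its own region, and the node at the end of the chain would mark just the last `getenv` region as invalid, so later uses of the other stale environment pointers could go unreported. Taking the parameter by reference, `ProgramStateRef &State`, would let every call build on the previous one. The function continues past the quoted lines, so a later statement may already account for this. Separately, the result of `C.addTransition` may be null and is handed on as the next `Pred` without a check.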
I have a test now, and could indeed verify, that without marking the invalidation regions *not* interesting, this test fails https://github.com/llvm/llvm-project/pull/67663/commits/d15e570f37f6fb321daf3742231408585f577137 https://github.com/llvm/llvm-project/pull/67663 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits