janvcelak created this revision.
janvcelak added a reviewer: dcoughlin.
Herald added subscribers: cfe-commits, Charusso, dkrupp, donat.nagy, Szelethus, 
mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun.
Herald added a project: clang.

`execve` is missing in the list of functions that are allowed after `vfork()`. 
As a result, clang analyzer reports the following false positive:

  #include <unistd.h>
  
  int main(int argc, char *argv[])
  {
        char *a[] = {"true", NULL};
        char *e[] = {NULL};
        if (vfork() == 0) {
                execve("/bin/true", a, e);
                _exit(1);
        }
        return 0;
  }



  $ scan-build clang -Wall -c repro.c      
  scan-build: Using '/usr/bin/clang-9' for static analysis
  repro.c:7:6: warning: Call to function 'vfork' is insecure as it can lead to denial of service situations in the parent process. Replace calls to vfork with calls to the safer 'posix_spawn' function
          if (vfork() == 0) {
              ^~~~~
  repro.c:8:3: warning: This function call is prohibited after a successful vfork
                  execve("/bin/true", a, e);
                  ^~~~~~~~~~~~~~~~~~~~~~~~~
  2 warnings generated.
  scan-build: 2 bugs found.
  scan-build: Run 'scan-view /tmp/scan-build-2020-01-29-162705-3770808-1' to examine bug reports.

The list of exec functions in the code is taken from the `exec(3)` man page, 
which are just front-ends for `execve(2)`. Quoting the manual page:

> The  exec() family of functions replaces the current process image with a new 
> process image.  The functions described in this manual page are front-ends for 
> execve(2).  (See the manual page for execve(2) for further details about the 
> replacement of the current process image.)


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D73629

Files:
  clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp


Index: clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/VforkChecker.cpp
@@ -106,6 +106,7 @@
       "execv",
       "execvp",
       "execvpe",
+      "execve",
       nullptr
     };
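Review bot: the new "execve" entry comes without a regression test, since the Files list shows only VforkChecker.cpp changing. Please add the reproducer from the description (a vfork() child that calls execve() and then _exit()) to the checker's tests, asserting that no "This function call is prohibited after a successful vfork" warning is emitted for the execve call. As a minor style point, "execve" would read more naturally next to "execv" than appended after "execvpe", just before the nullptr terminator.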
 

