martong added inline comments.
================
Comment at: clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp:208
   if (state_exceedsUpperBound && state_withinUpperBound) {
-    SVal ByteOffset = rawOffset.getByteOffset();
-    if (isTainted(state, ByteOffset)) {
+    if (isTainted(state, *upperboundToCheck)) {
       reportOOB(checkerContext, state_exceedsUpperBound, OOB_Tainted,
----------------
Could you please explain why we change `rawOffset` to `*upperBoundToCheck`? And perhaps the same explanation could infiltrate into the checker's code itself as a comment to `upperbound`.

================
Comment at: clang/test/Analysis/taint-diagnostic-visitor.c:46-48
+  int *p = (int *)malloc(x + conj); // Generic taint checker forbids tainted allocation.
+  // expected-warning@-1 {{Untrusted data is used to specify the buffer size}}
+  // expected-note@-2 {{Untrusted data is used to specify the buffer size}}
----------------
Could we get rid of the seemingly unrelated malloc taint report by using an array on the stack?

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D125524/new/

https://reviews.llvm.org/D125524

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
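Review bot: in the ArrayBoundCheckerV2.cpp hunk, `*upperboundToCheck` dereferences what looks like an optional value inside the `state_exceedsUpperBound && state_withinUpperBound` branch, and the hunk does not show the check that it holds a value; please confirm that guard precedes this branch, and add a comment next to it stating why taint is now queried on the bound symbol rather than on `rawOffset.getByteOffset()`, since that is the behavioural change a later reader will need to understand.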
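Review bot: in the taint-diagnostic-visitor.c hunk, the `expected-warning@-1` and `expected-note@-2` directives both point at the `malloc(x + conj)` line, so this test now also depends on the generic taint checker's allocation diagnostic; if exercising that report is intended, say so in the test comment, otherwise a fixed-size array on the stack would keep the test focused on the array-bound diagnostic and avoid the extra expected lines.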