[clang] [analyzer] TaintPropagation checker strlen() should not propagate (PR #66086)

Balazs Benics via cfe-commits Thu, 14 Sep 2023 02:34:02 -0700

================
@@ -915,24 +915,6 @@ void testStrndupa(size_t n) {
   clang_analyzer_isTainted_charp(result); // expected-warning {{YES}}
 }
 
-size_t strlen(const char *s);
-void testStrlen() {
-  char s[10];
-  scanf("%9s", s);
-
-  size_t result = strlen(s);
-  clang_analyzer_isTainted_int(result); // expected-warning {{YES}}
-}
-
-size_t strnlen(const char *s, size_t maxlen);
-void testStrnlen(size_t maxlen) {
-  char s[10];
-  scanf("%9s", s);
-
-  size_t result = strnlen(s, maxlen);
-  clang_analyzer_isTainted_int(result); // expected-warning {{YES}}
-}
-
----------------
steakhal wrote:


In general, I oppose removing FN tests. They are good at documenting intent, if 
for nothing else.
It might be even better to add comments there about why we think it's okay and 
intentional to not propagate taint there. Also, adding a PR link would give the 
possibility to look deeper to understand the why.

https://github.com/llvm/llvm-project/pull/66086
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [analyzer] TaintPropagation checker strlen() should not propagate (PR #66086)

Reply via email to