[clang] [analyzer][clangsa] Add new option to alpha.security.cert.InvalidPtrChecker (PR #67663)

Mon, 09 Oct 2023 04:40:12 -0700 

Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>,
Endre =?utf-8?q?Fülöp?= <[email protected]>
Message-ID:
In-Reply-To: <llvm/llvm-project/pull/67663/[email protected]>


================
@@ -84,33 +104,70 @@ class InvalidPtrChecker
 REGISTER_SET_WITH_PROGRAMSTATE(InvalidMemoryRegions, const MemRegion *)
 
 // Stores the region of the environment pointer of 'main' (if present).
-REGISTER_TRAIT_WITH_PROGRAMSTATE(EnvPtrRegion, const MemRegion *)
+REGISTER_TRAIT_WITH_PROGRAMSTATE(MainEnvPtrRegion, const MemRegion *)
+
+// Stores the regions of environments returned by getenv calls.
+REGISTER_SET_WITH_PROGRAMSTATE(GetenvEnvPtrRegions, const MemRegion *)
 
 // Stores key-value pairs, where key is function declaration and value is
 // pointer to memory region returned by previous call of this function
 REGISTER_MAP_WITH_PROGRAMSTATE(PreviousCallResultMap, const FunctionDecl *,
                                const MemRegion *)
 
+const NoteTag *InvalidPtrChecker::createEnvInvalidationNote(
+    CheckerContext &C, ProgramStateRef State, StringRef FunctionName) const {
+
+  const MemRegion *MainRegion = State->get<MainEnvPtrRegion>();
+  const auto GetenvRegions = State->get<GetenvEnvPtrRegions>();
+
+  return C.getNoteTag([this, MainRegion, GetenvRegions,
+                       FunctionName = std::string{FunctionName}](
+                          PathSensitiveBugReport &BR, llvm::raw_ostream &Out) {
+    auto IsInterestingForInvalidation = [this, &BR](const MemRegion *R) {
+      return R && &BR.getBugType() == &InvalidPtrBugType && 
BR.isInteresting(R);
+    };
----------------
DonatNagyE wrote:

```suggestion
    if (&BR.getBugType() != &InvalidPtrBugType);
      return;
    auto IsInterestingForInvalidation = [&BR](const MemRegion *R) {
      return R && BR.isInteresting(R);
    };
```
Perform an early return for unrelated bugs instead of capturing `this` in the 
inner lambda!

In fact, after this simplification you can just eliminate the the inner lambda 
by inlining its definition. (I'd guess that `GetenvRegions` doesn't contain 
nullpointers, so there you can omit the `R &&` check.)

https://github.com/llvm/llvm-project/pull/67663
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to