[clang] [clang][analyzer] Check for label location bindings in `DereferenceChecker` (PR #91119)

Sun, 05 May 2024 05:40:19 -0700 

llvmbot wrote:


<!--LLVM PR SUMMARY COMMENT-->

@llvm/pr-subscribers-clang

Author: Rajveer Singh Bharadwaj (Rajveer100)

<details>
<summary>Changes</summary>

Resolves #<!-- -->89264

Values should not be stored in addresses of labels, this throws a fatal error 
when this happens.

---
Full diff: https://github.com/llvm/llvm-project/pull/91119.diff


2 Files Affected:

- (modified) clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp (+7) 
- (added) clang/test/Analysis/Issue89264.c (+13) 


``````````diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 1cebfbbee77dae..a1770e15ad7d52 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -286,6 +286,13 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const 
Stmt *S,
   // If we're binding to a reference, check if the value is known to be null.
   if (V.isUndef())
     return;
+    
+  // One should never write to label addresses.
+  if (auto Label = L.getAs<loc::GotoLabel>()) {
+    llvm::errs() << "WRITING TO LABEL: " << L << "\n";
+    llvm::errs() << "Fatal Error: " << "Dereference of the address of a label" 
<< "\n";
+    return;
+  }
 
   const MemRegion *MR = L.getAsRegion();
   const TypedValueRegion *TVR = dyn_cast_or_null<TypedValueRegion>(MR);
diff --git a/clang/test/Analysis/Issue89264.c b/clang/test/Analysis/Issue89264.c
new file mode 100644
index 00000000000000..1592bc20ee56f2
--- /dev/null
+++ b/clang/test/Analysis/Issue89264.c
@@ -0,0 +1,13 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -verify 
%s
+
+void clang_analyzer_dump(char);
+void clang_analyzer_dump_ptr(char*);
+
+// https://github.com/llvm/llvm-project/issues/89185
+void binding_to_label_loc() {
+  char *b = &&MyLabel;
+MyLabel:
+  *b = 0; // no-crash
+  clang_analyzer_dump_ptr(b); // expected-warning {{&&MyLabel}}
+  clang_analyzer_dump(*b); // expected-warning {{Unknown}}
+}

``````````

</details>


https://github.com/llvm/llvm-project/pull/91119
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to