[LLVMbugs] [Bug 13886] New: proposed new code for added functionality and improvement in Checker GenericTaintChecker and CStringChecker

bugzilla-daemon Thu, 20 Sep 2012 06:50:00 -0700

http://llvm.org/bugs/show_bug.cgi?id=13886


             Bug #: 13886
           Summary: proposed new code for added functionality and
                    improvement in Checker GenericTaintChecker and
                    CStringChecker
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]
    Classification: Unclassified


Created attachment 9240
  --> http://llvm.org/bugs/attachment.cgi?id=9240
Patch on version trunk

CStringChecker:
Added functionality to detect the memory overflow (src tainted sizeof > dst
sizeof) during a memory copy from an input tainted

GenericTaintChecker:
Adding functions propagation: strlen, strtok, fgets
Improvement detect stdin and adding on entry "0"

Removing the removal of the tag propagation on the old element or propagated
source... 
exemple:
fgets(addr, sizeof(addr), stdin); stdin -> addr(tainted)
sprintf(buffer, "test 1 %s", addr); addr -> buffer(tainted) but with old
version, addr no longer had the tag propagation, if it was reused by another
copy function then we would not see the spread.

Sorry for my english...

cordially,
Lionel

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
LLVMbugs mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/llvmbugs

[LLVMbugs] [Bug 13886] New: proposed new code for added functionality and improvement in Checker GenericTaintChecker and CStringChecker

Reply via email to