diff options
| author | Balazs Benics <benicsbalazs@gmail.com> | 2024-04-17 08:02:49 +0200 |
|---|---|---|
| committer | Tom Stellard <tstellar@redhat.com> | 2024-04-23 08:52:08 -0700 |
| commit | 4ddac856c55f6352d0004a1734ca4651511aadbb (patch) | |
| tree | 20ed8b90567153a646f4ee47701a391a386c06e3 | |
| parent | c6d63d4fc555cf743503a3418ad78768bc276042 (diff) | |
| download | llvm-4ddac856c55f6352d0004a1734ca4651511aadbb.tar.gz | |
[analyzer] Fix a security.cert.env.InvalidPtr crash
Fixes #88181
(cherry picked from commit e096c144921daba59963f15e89d2ca6fb32d3a78)
| -rw-r--r-- | clang/docs/ReleaseNotes.rst | 4 | ||||
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp | 6 | ||||
| -rw-r--r-- | clang/test/Analysis/invalid-ptr-checker.cpp | 10 |
3 files changed, 19 insertions, 1 deletions
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index ce7e615d8789..1e88b58725bd 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -1474,6 +1474,10 @@ Crash and bug fixes - Fix false positive in mutation check when using pointer to member function. (`#66204 <https://github.com/llvm/llvm-project/issues/66204>`_) +- Fixed a crash in ``security.cert.env.InvalidPtr`` checker when accidentally + matched user-defined ``strerror`` and similar library functions. + (`#88181 <https://github.com/llvm/llvm-project/issues/88181>`_) + Improvements ^^^^^^^^^^^^ diff --git a/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp index e5dd907c660d..b2947f590c4e 100644 --- a/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/cert/InvalidPtrChecker.cpp @@ -205,8 +205,12 @@ void InvalidPtrChecker::postPreviousReturnInvalidatingCall( CE, LCtx, CE->getType(), C.blockCount()); State = State->BindExpr(CE, LCtx, RetVal); + const auto *SymRegOfRetVal = + dyn_cast_or_null<SymbolicRegion>(RetVal.getAsRegion()); + if (!SymRegOfRetVal) + return; + // Remember to this region. - const auto *SymRegOfRetVal = cast<SymbolicRegion>(RetVal.getAsRegion()); const MemRegion *MR = SymRegOfRetVal->getBaseRegion(); State = State->set<PreviousCallResultMap>(FD, MR); diff --git a/clang/test/Analysis/invalid-ptr-checker.cpp b/clang/test/Analysis/invalid-ptr-checker.cpp new file mode 100644 index 000000000000..58bb45e0fb84 --- /dev/null +++ b/clang/test/Analysis/invalid-ptr-checker.cpp @@ -0,0 +1,10 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.cert.env.InvalidPtr -verify %s + +// expected-no-diagnostics + +namespace other { +int strerror(int errnum); // custom strerror +void no_crash_on_custom_strerror() { + (void)strerror(0); // no-crash +} +} // namespace other |