granicus.if.org Git - clang/commit

author	Anna Zaks <ganna@apple.com>
	Wed, 16 Nov 2011 19:58:17 +0000 (19:58 +0000)
committer	Anna Zaks <ganna@apple.com>
	Wed, 16 Nov 2011 19:58:17 +0000 (19:58 +0000)
commit	9b0970f2c7fdc070b18e113f0bbd96e7f77b4f54
tree	0a9158cf1321a76cc4694cd93846f8d8a23d83f9	tree \| snapshot
parent	df18c5ae6c48d3b56f7f9550875c53dc46eb8d78	commit \| diff

[analyzer] Catch the first taint propagation implied buffer overflow.

Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.

+ The very first example of us catching a taint related bug.
This is the only example we can currently handle. More to come...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144826 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp		diff \| blob \| history
test/Analysis/taint-generic.c	[new file with mode: 0644]	blob