KeychainAPI checker: only check the paths on which the allocator function returned...

author Anna Zaks <ganna@apple.com>

Tue, 2 Aug 2011 17:11:03 +0000 (17:11 +0000)

committer Anna Zaks <ganna@apple.com>

Tue, 2 Aug 2011 17:11:03 +0000 (17:11 +0000)
author Anna Zaks <ganna@apple.com>
Tue, 2 Aug 2011 17:11:03 +0000 (17:11 +0000)
committer Anna Zaks <ganna@apple.com>
Tue, 2 Aug 2011 17:11:03 +0000 (17:11 +0000)
diff --git a/lib/StaticAnalyzer/Checkers/Checkers.td b/lib/StaticAnalyzer/Checkers/Checkers.td

index a450240286f791515ecc3df5310f1d7981e71626..fee689fd6fb92da9f3185a5716fb5ce2ec2890bf 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/Checkers.td
+++ b/lib/StaticAnalyzer/Checkers/Checkers.td
@@ -281,7 +281,7 @@ def OSAtomicChecker : Checker<"AtomicCAS">,
  let ParentPackage = OSXExperimental in {
  
  def MacOSKeychainAPIChecker : Checker<"KeychainAPI">,
-  InPackage<OSX>,
+  InPackage<OSXExperimental>,
    HelpText<"Check for proper uses of Secure Keychain APIs">,
    DescFile<"MacOSKeychainAPIChecker.cpp">;
  
diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp

index 3e80d9cc428be170e678e5835123e3c812b39014..f9a43fdc3a4fc569f0c9b6747973212507a056b6 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
@@ -119,10 +119,21 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE,
    if (idx != InvalidParamVal) {
      SVal Param = State->getSVal(CE->getArg(idx));
      if (const loc::MemRegionVal *X = dyn_cast<loc::MemRegionVal>(&Param)) {
-      SymbolRef V = SM.Retrieve (State->getStore(), *X).getAsSymbol();
+      // Add the symbolic value, which represents the location of the allocated
+      // data, to the set.
+      SymbolRef V = SM.Retrieve(State->getStore(), *X).getAsSymbol();
        if (!V)
          return;
        State = State->add<AllocatedData>(V);
+
+      // We only need to track the value if the function returned noErr(0), so
+      // bind the return value of the function to 0.
+      SValBuilder &Builder = C.getSValBuilder();
+      SVal ZeroVal = Builder.makeZeroVal(Builder.getContext().CharTy);
+      State = State->BindExpr(CE, ZeroVal);
+      assert(State);
+
+      // Proceed from the new state.
        C.addTransition(State);
      }
    }
diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m

index 85cc8eafaa5ca129f9055889c9eabfc5fe133712..596984c69ed9509321f4c5838d99bb2a8dd0659e 100644 (file)
--- a/test/Analysis/keychainAPI.m
+++ b/test/Analysis/keychainAPI.m
@@ -65,7 +65,8 @@ int foo () {
    void *outData;
  
    st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
-  SecKeychainItemFreeContent(ptr, outData);
+  if (st == noErr)
+    SecKeychainItemFreeContent(ptr, outData);
  
    return 0;
  }
author	Anna Zaks <ganna@apple.com>
	Tue, 2 Aug 2011 17:11:03 +0000 (17:11 +0000)
committer	Anna Zaks <ganna@apple.com>
	Tue, 2 Aug 2011 17:11:03 +0000 (17:11 +0000)
lib/StaticAnalyzer/Checkers/Checkers.td		patch \| blob \| history
lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp		patch \| blob \| history
test/Analysis/keychainAPI.m		patch \| blob \| history