From: Anna Zaks Date: Fri, 12 Aug 2011 22:47:22 +0000 (+0000) Subject: MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing functi... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=79c9c75737cb22fd74d186999eccc10672eef8c0;p=clang MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137526 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp index d955f4bdb5..1663252cdd 100644 --- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp @@ -349,6 +349,11 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE, return; const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param); + // If the argument entered as an enclosing function parameter, skip it to + // avoid false positives. + if (isEnclosingFunctionParam(ArgExpr)) + return; + if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C)) { // If the argument points to something that's not a symbolic region, it // can be: diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m index be9d74c31e..74834ab5d5 100644 --- a/test/Analysis/keychainAPI.m +++ b/test/Analysis/keychainAPI.m @@ -133,6 +133,17 @@ void* returnContent() { return outData; } // no-warning +// Password was passed in as an argument and does nt have to be deleted. +OSStatus getPasswordAndItem(void** password, UInt32* passwordLength) { + OSStatus err; + SecKeychainItemRef item; + err = SecKeychainFindGenericPassword(0, 3, "xx", + 3, "xx", + passwordLength, password, + &item); + return err; +} // no-warning + int apiMismatch(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass) {