From: Anna Zaks Date: Tue, 2 Aug 2011 17:11:03 +0000 (+0000) Subject: KeychainAPI checker: only check the paths on which the allocator function returned... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e68b5f1fa73f8404c5d6859a3d8a139fb1da7bbb;p=clang KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136694 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Checkers/Checkers.td b/lib/StaticAnalyzer/Checkers/Checkers.td index a450240286..fee689fd6f 100644 --- a/lib/StaticAnalyzer/Checkers/Checkers.td +++ b/lib/StaticAnalyzer/Checkers/Checkers.td @@ -281,7 +281,7 @@ def OSAtomicChecker : Checker<"AtomicCAS">, let ParentPackage = OSXExperimental in { def MacOSKeychainAPIChecker : Checker<"KeychainAPI">, - InPackage, + InPackage, HelpText<"Check for proper uses of Secure Keychain APIs">, DescFile<"MacOSKeychainAPIChecker.cpp">; diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp index 3e80d9cc42..f9a43fdc3a 100644 --- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp @@ -119,10 +119,21 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE, if (idx != InvalidParamVal) { SVal Param = State->getSVal(CE->getArg(idx)); if (const loc::MemRegionVal *X = dyn_cast(&Param)) { - SymbolRef V = SM.Retrieve (State->getStore(), *X).getAsSymbol(); + // Add the symbolic value, which represents the location of the allocated + // data, to the set. + SymbolRef V = SM.Retrieve(State->getStore(), *X).getAsSymbol(); if (!V) return; State = State->add(V); + + // We only need to track the value if the function returned noErr(0), so + // bind the return value of the function to 0. + SValBuilder &Builder = C.getSValBuilder(); + SVal ZeroVal = Builder.makeZeroVal(Builder.getContext().CharTy); + State = State->BindExpr(CE, ZeroVal); + assert(State); + + // Proceed from the new state. C.addTransition(State); } } diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m index 85cc8eafaa..596984c69e 100644 --- a/test/Analysis/keychainAPI.m +++ b/test/Analysis/keychainAPI.m @@ -65,7 +65,8 @@ int foo () { void *outData; st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData); - SecKeychainItemFreeContent(ptr, outData); + if (st == noErr) + SecKeychainItemFreeContent(ptr, outData); return 0; }