CSA: Tainted argument does not propagate

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CSA: Tainted argument does not propagate

Hans Wennborg via cfe-dev
Hello,

I'm using the Clang Static Analyzer to find tainted allocations, so I added the checkBind callback to the Generic Taint Checker to test if the loaded "Val" is tainted.

However when running it on the following code ...

int somfunc(int c) {
  int d = c;
}
int main() {
  int a;
  scanf("%d", &a);
  int b = a;
  somefunc(a);
}

... a and b are marked as tainted, but c is not, State->isTainted(Val) returns false.
Why is that?

Thanks,
Tom

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: CSA: Tainted argument does not propagate

Hans Wennborg via cfe-dev
 > warning: implicit declaration of function 'somefunc' is invalid in C99

You have a typo: somfunc => somefunc.

Once you fix it, it'd work correctly.

You could have also noticed that via the -analyzer-display-progress flag.

Also you can use the debug.TaintTest checker to dump all tainted
expressions.

On 19/02/2018 4:34 AM, themod 1302 via cfe-dev wrote:

> Hello,
>
> I'm using the Clang Static Analyzer to find tainted allocations, so I
> added the checkBind callback to the Generic Taint Checker to test if
> the loaded "Val" is tainted.
>
> However when running it on the following code ...
>
> int somfunc(int c) {
>   int d = c;
> }
> int main() {
>   int a;
>   scanf("%d", &a);
>   int b = a;
>   somefunc(a);
> }
>
> ... a and b are marked as tainted, but c is not, State->isTainted(Val)
> returns false.
> Why is that?
>
> Thanks,
> Tom
>
>
> _______________________________________________
> cfe-dev mailing list
> [hidden email]
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev