author | Zhongxing Xu <xuzhongxing@gmail.com> | 2009-11-11 11:55:54 +0000 |
---|---|---|
committer | Zhongxing Xu <xuzhongxing@gmail.com> | 2009-11-11 11:55:54 +0000 |
commit | 3ef93badbe6fbb62c8df82d7bff138a7d8851695 (patch) | |
tree | 09996fd83ed774ebcba18e2502a37ea60c77b1e6 /clang/lib/Analysis/ReturnPointerRangeChecker.cpp | |
parent | f580187aed19b5dbad747467c58746b6181ea697 (diff) | |
ReturnPointerRangeChecker: use StripCasts() instead of checking for zero index
explicitly.
Fix 80-col violations.
llvm-svn: 86833
Diffstat (limited to 'clang/lib/Analysis/ReturnPointerRangeChecker.cpp')
-rw-r--r-- | clang/lib/Analysis/ReturnPointerRangeChecker.cpp | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/clang/lib/Analysis/ReturnPointerRangeChecker.cpp b/clang/lib/Analysis/ReturnPointerRangeChecker.cpp index 181d7361996..261081ebb41 100644 --- a/clang/lib/Analysis/ReturnPointerRangeChecker.cpp +++ b/clang/lib/Analysis/ReturnPointerRangeChecker.cpp @@ -48,6 +48,12 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C, SVal V = state->getSVal(RetE); const MemRegion *R = V.getAsRegion(); + if (!R) + return; + + R = R->StripCasts(); + if (!R) + return; const ElementRegion *ER = dyn_cast_or_null<ElementRegion>(R); if (!ER) @@ -55,13 +61,8 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C, DefinedOrUnknownSVal &Idx = cast<DefinedOrUnknownSVal>(ER->getIndex()); - // FIXME: All of this out-of-bounds checking should eventually be refactored into a - // common place. - - // Zero index is always in bound, this also passes ElementRegions created for - // pointer casts. - if (Idx.isZeroConstant()) - return; + // FIXME: All of this out-of-bounds checking should eventually be refactored + // into a common place. SVal NumVal = C.getStoreManager().getSizeInElements(state, ER->getSuperRegion()); 
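Review bot: In the first hunk, the second `if (!R) return;` after `R = R->StripCasts();` and the `dyn_cast_or_null` on the following context line both guard against a null that the first check has already ruled out, unless StripCasts() can return null for a non-null region, which nothing visible here establishes. If it cannot, drop the second check and write `const ElementRegion *ER = dyn_cast<ElementRegion>(R);` so the invariant is stated once. The second hunk deletes the only comment explaining why zero-index ElementRegions are skipped, so the new call should carry a replacement, for example `// Peel off the zero-index ElementRegions layered on for pointer casts (presumably what StripCasts does) so the bounds check sees the underlying region.` Because this changes which returned pointers reach the CWE-466 range check, a regression test returning a cast of an out-of-range element would pin the new behaviour; the diffstat is limited to this file, so whether one exists cannot be told from here. PreVisitReturnStmt starts and ends outside both hunks.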
@@ -75,14 +76,16 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C, if (!N) return; - // FIXME: This bug correspond to CWE-466. Eventually we should have bug types explicitly - // reference such exploit categories (when applicable). + // FIXME: This bug correspond to CWE-466. Eventually we should have bug + // types explicitly reference such exploit categories (when applicable). if (!BT) BT = new BuiltinBug("Return of pointer value outside of expected range", - "Returned pointer value points outside the original object (potential buffer overflow)"); + "Returned pointer value points outside the original object " + "(potential buffer overflow)"); - // FIXME: It would be nice to eventually make this diagnostic more clear, e.g., by referencing - // the original declaration or by saying *why* this reference is outside the range. + // FIXME: It would be nice to eventually make this diagnostic more clear, + // e.g., by referencing the original declaration or by saying *why* this + // reference is outside the range. // Generate a report for this bug. RangedBugReport *report = |