[analyzer] Catch the first taint propagation implied buffer overflow. - bcm5719-llvm

diff options

author	Anna Zaks <ganna@apple.com>	2011-11-16 19:58:17 +0000
committer	Anna Zaks <ganna@apple.com>	2011-11-16 19:58:17 +0000
commit	20829c90be03ed873e445d570bc3503c9f6af3b1 (patch)
tree	5ee343cffeaf0179b0b03029a729711ae03ca15f /clang/lib/Basic/SourceManager.cpp
parent	5c5bf9b634e446bea775839de4e2138b4df6adb6 (diff)
download	bcm5719-llvm-20829c90be03ed873e445d570bc3503c9f6af3b1.tar.gz bcm5719-llvm-20829c90be03ed873e445d570bc3503c9f6af3b1.zip

[analyzer] Catch the first taint propagation implied buffer overflow.

Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows when the offset is tainted. Previously, we did not report bugs when the state was underconstrained (not enough information about the bound to determine if there is an overflow) to avoid false positives. However, if we know that the buffer offset is tainted - comes in from the user space and can be anything, we should report it as a bug. + The very first example of us catching a taint related bug. This is the only example we can currently handle. More to come... llvm-svn: 144826

Diffstat (limited to 'clang/lib/Basic/SourceManager.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: