diff options
| author | Anna Zaks <ganna@apple.com> | 2011-08-02 17:11:03 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2011-08-02 17:11:03 +0000 |
| commit | 9ab728bb058429358fc1aba008e2d32c71106240 (patch) | |
| tree | fb44d79cb317b2e47f6c341257facf7d4564601e /clang | |
| parent | 5204bded1d003f23c788ebce266eba900a930782 (diff) | |
| download | bcm5719-llvm-9ab728bb058429358fc1aba008e2d32c71106240.tar.gz bcm5719-llvm-9ab728bb058429358fc1aba008e2d32c71106240.zip | |
KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)
llvm-svn: 136694
Diffstat (limited to 'clang')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/Checkers.td | 2 | ||||
| -rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp | 13 | ||||
| -rw-r--r-- | clang/test/Analysis/keychainAPI.m | 3 |
3 files changed, 15 insertions, 3 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/Checkers.td b/clang/lib/StaticAnalyzer/Checkers/Checkers.td index a450240286f..fee689fd6fb 100644 --- a/clang/lib/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/lib/StaticAnalyzer/Checkers/Checkers.td @@ -281,7 +281,7 @@ def OSAtomicChecker : Checker<"AtomicCAS">, let ParentPackage = OSXExperimental in { def MacOSKeychainAPIChecker : Checker<"KeychainAPI">, - InPackage<OSX>, + InPackage<OSXExperimental>, HelpText<"Check for proper uses of Secure Keychain APIs">, DescFile<"MacOSKeychainAPIChecker.cpp">; diff --git a/clang/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp index 3e80d9cc428..f9a43fdc3a4 100644 --- a/clang/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp @@ -119,10 +119,21 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE, if (idx != InvalidParamVal) { SVal Param = State->getSVal(CE->getArg(idx)); if (const loc::MemRegionVal *X = dyn_cast<loc::MemRegionVal>(&Param)) { - SymbolRef V = SM.Retrieve (State->getStore(), *X).getAsSymbol(); + // Add the symbolic value, which represents the location of the allocated + // data, to the set. + SymbolRef V = SM.Retrieve(State->getStore(), *X).getAsSymbol(); if (!V) return; State = State->add<AllocatedData>(V); + + // We only need to track the value if the function returned noErr(0), so + // bind the return value of the function to 0. + SValBuilder &Builder = C.getSValBuilder(); + SVal ZeroVal = Builder.makeZeroVal(Builder.getContext().CharTy); + State = State->BindExpr(CE, ZeroVal); + assert(State); + + // Proceed from the new state. C.addTransition(State); } } diff --git a/clang/test/Analysis/keychainAPI.m b/clang/test/Analysis/keychainAPI.m index 85cc8eafaa5..596984c69ed 100644 --- a/clang/test/Analysis/keychainAPI.m +++ b/clang/test/Analysis/keychainAPI.m @@ -65,7 +65,8 @@ int foo () { void *outData; st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData); - SecKeychainItemFreeContent(ptr, outData); + if (st == noErr) + SecKeychainItemFreeContent(ptr, outData); return 0; } |
