From df9ca633b669374a75a1e09ec5d77c185200142e Mon Sep 17 00:00:00 2001
From: Ted Kremenek
Date: Fri, 6 Nov 2009 20:16:31 +0000
Subject: Sentence-case bug type, and pull tests from region-only-test.c into misc-ps-region.store.m (removing an extra unneeded test file).

Also add a bunch of FIXME comments for future enhancements.

llvm-svn: 86282
---
 clang/lib/Analysis/ReturnPointerRangeChecker.cpp | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'clang/lib/Analysis/ReturnPointerRangeChecker.cpp')

diff --git a/clang/lib/Analysis/ReturnPointerRangeChecker.cpp b/clang/lib/Analysis/ReturnPointerRangeChecker.cpp
index 4ca72716a8d..181d7361996 100644
--- a/clang/lib/Analysis/ReturnPointerRangeChecker.cpp
+++ b/clang/lib/Analysis/ReturnPointerRangeChecker.cpp
@@ -51,10 +51,13 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
   const ElementRegion *ER = dyn_cast_or_null(R);
   if (!ER)
-    return;
+    return;
   DefinedOrUnknownSVal &Idx = cast(ER->getIndex());
+  // FIXME: All of this out-of-bounds checking should eventually be refactored into a
+  // common place.
+
   // Zero index is always in bound, this also passes ElementRegions created for
   // pointer casts.
   if (Idx.isZeroConstant())
@@ -72,15 +75,21 @@ void ReturnPointerRangeChecker::PreVisitReturnStmt(CheckerContext &C,
   if (!N)
     return;
+  // FIXME: This bug correspond to CWE-466. Eventually we should have bug types explicitly
+  // reference such exploit categories (when applicable).
   if (!BT)
-    BT = new BuiltinBug("Return of Pointer Value Outside of Expected Range");
-
+    BT = new BuiltinBug("Return of pointer value outside of expected range", "Returned pointer value points outside the original object (potential buffer overflow)");
+
+  // FIXME: It would be nice to eventually make this diagnostic more clear, e.g., by referencing
+  // the original declaration or by saying *why* this reference is outside the range.
+
   // Generate a report for this bug.
   RangedBugReport *report = new RangedBugReport(*BT, BT->getDescription().c_str(), N);
-  report->addRange(RS->getSourceRange());
-
+  report->addRange(RetE->getSourceRange());
+
   C.EmitReport(report);
 }
 }
--
cgit v1.2.3
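Review bot: `BT` is allocated with `new` under `if (!BT)` and nothing in this hunk releases it, so the ownership of the lazily created BuiltinBug should be stated at the allocation site; if ReturnPointerRangeChecker's destructor (outside this hunk, so it cannot be confirmed from here) does not delete it, each checker instance leaks the bug type. A one-line comment would make the contract visible to the next maintainer, e.g. `// Lazily created on first report; owned by this checker and freed with it.` (adjusted to wherever it is actually released). The new FIXME also has a grammar slip, `// FIXME: This bug corresponds to CWE-466.`, and because the CWE identifier lives only in a source comment, nothing in the emitted report carries it; until bug types can reference categories, appending it to the description string would give users that context now. The enclosing PreVisitReturnStmt begins before this hunk.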