003 File Manager
Current Path:
/usr/src/contrib/llvm-project/clang/lib/StaticAnalyzer/Checkers
usr
/
src
/
contrib
/
llvm-project
/
clang
/
lib
/
StaticAnalyzer
/
Checkers
/
📁
..
📄
AllocationState.h
(1.41 KB)
📄
AnalysisOrderChecker.cpp
(8.62 KB)
📄
AnalyzerStatsChecker.cpp
(5.04 KB)
📄
ArrayBoundChecker.cpp
(3.22 KB)
📄
ArrayBoundCheckerV2.cpp
(13.07 KB)
📄
BasicObjCFoundationChecks.cpp
(43.82 KB)
📄
BlockInCriticalSectionChecker.cpp
(6.69 KB)
📄
BoolAssignmentChecker.cpp
(3.45 KB)
📄
BuiltinFunctionChecker.cpp
(5 KB)
📄
CStringChecker.cpp
(93.24 KB)
📄
CStringSyntaxChecker.cpp
(9.8 KB)
📄
CXXSelfAssignmentChecker.cpp
(3.08 KB)
📄
CallAndMessageChecker.cpp
(26.57 KB)
📄
CastSizeChecker.cpp
(4.96 KB)
📄
CastToStructChecker.cpp
(4.43 KB)
📄
CastValueChecker.cpp
(19.65 KB)
📄
CheckObjCDealloc.cpp
(37.83 KB)
📄
CheckObjCInstMethSignature.cpp
(4.8 KB)
📄
CheckPlacementNew.cpp
(11.91 KB)
📄
CheckSecuritySyntaxOnly.cpp
(38.79 KB)
📄
CheckSizeofPointer.cpp
(3.16 KB)
📄
CheckerDocumentation.cpp
(14.64 KB)
📄
ChrootChecker.cpp
(4.88 KB)
📄
CloneChecker.cpp
(8.28 KB)
📄
ContainerModeling.cpp
(39.85 KB)
📄
ConversionChecker.cpp
(7.11 KB)
📄
DeadStoresChecker.cpp
(17.82 KB)
📄
DebugCheckers.cpp
(10.41 KB)
📄
DebugContainerModeling.cpp
(4.94 KB)
📄
DebugIteratorModeling.cpp
(5.15 KB)
📄
DeleteWithNonVirtualDtorChecker.cpp
(5.35 KB)
📄
DereferenceChecker.cpp
(10.54 KB)
📄
DirectIvarAssignment.cpp
(8.02 KB)
📄
DivZeroChecker.cpp
(3.42 KB)
📄
DynamicTypeChecker.cpp
(7.31 KB)
📄
DynamicTypePropagation.cpp
(42.11 KB)
📄
EnumCastOutOfRangeChecker.cpp
(5.75 KB)
📄
ExprInspectionChecker.cpp
(15.6 KB)
📄
FixedAddressChecker.cpp
(2.33 KB)
📄
FuchsiaHandleChecker.cpp
(23.1 KB)
📄
GCDAntipatternChecker.cpp
(7.85 KB)
📄
GTestChecker.cpp
(10.52 KB)
📄
GenericTaintChecker.cpp
(34.31 KB)
📄
IdenticalExprChecker.cpp
(18.88 KB)
📄
InnerPointerChecker.cpp
(11.54 KB)
📄
InterCheckerAPI.h
(1.09 KB)
📄
InvalidatedIteratorChecker.cpp
(4.93 KB)
📄
Iterator.cpp
(10.62 KB)
📄
Iterator.h
(6.32 KB)
📄
IteratorModeling.cpp
(31.33 KB)
📄
IteratorRangeChecker.cpp
(12.64 KB)
📄
IvarInvalidationChecker.cpp
(27.63 KB)
📄
LLVMConventionsChecker.cpp
(9.9 KB)
📄
LocalizationChecker.cpp
(52.38 KB)
📄
MIGChecker.cpp
(11.3 KB)
📁
MPI-Checker
📄
MacOSKeychainAPIChecker.cpp
(25.21 KB)
📄
MacOSXAPIChecker.cpp
(6.61 KB)
📄
MallocChecker.cpp
(127.38 KB)
📄
MallocOverflowSecurityChecker.cpp
(11.91 KB)
📄
MallocSizeofChecker.cpp
(8.03 KB)
📄
MismatchedIteratorChecker.cpp
(11.01 KB)
📄
MmapWriteExecChecker.cpp
(3.22 KB)
📄
Move.h
(1.07 KB)
📄
MoveChecker.cpp
(27 KB)
📄
NSAutoreleasePoolChecker.cpp
(2.93 KB)
📄
NSErrorChecker.cpp
(10.6 KB)
📄
NoReturnFunctionChecker.cpp
(5.48 KB)
📄
NonNullParamChecker.cpp
(11.22 KB)
📄
NonnullGlobalConstantsChecker.cpp
(5.09 KB)
📄
NullabilityChecker.cpp
(46.95 KB)
📄
NumberObjectConversionChecker.cpp
(13.69 KB)
📄
OSObjectCStyleCast.cpp
(3.14 KB)
📄
ObjCAtSyncChecker.cpp
(3.34 KB)
📄
ObjCAutoreleaseWriteChecker.cpp
(8.62 KB)
📄
ObjCContainersASTChecker.cpp
(5.5 KB)
📄
ObjCContainersChecker.cpp
(6.71 KB)
📄
ObjCMissingSuperCallChecker.cpp
(9.23 KB)
📄
ObjCPropertyChecker.cpp
(3.03 KB)
📄
ObjCSelfInitChecker.cpp
(16.21 KB)
📄
ObjCSuperDeallocChecker.cpp
(9.33 KB)
📄
ObjCUnusedIVarsChecker.cpp
(6.01 KB)
📄
PaddingChecker.cpp
(14.26 KB)
📄
PointerArithChecker.cpp
(12.18 KB)
📄
PointerIterationChecker.cpp
(3.79 KB)
📄
PointerSortingChecker.cpp
(4.5 KB)
📄
PointerSubChecker.cpp
(2.56 KB)
📄
PthreadLockChecker.cpp
(28.42 KB)
📁
RetainCountChecker
📄
ReturnPointerRangeChecker.cpp
(3.39 KB)
📄
ReturnUndefChecker.cpp
(4.1 KB)
📄
ReturnValueChecker.cpp
(5.79 KB)
📄
RunLoopAutoreleaseLeakChecker.cpp
(7.2 KB)
📄
STLAlgorithmModeling.cpp
(7 KB)
📄
SimpleStreamChecker.cpp
(9.43 KB)
📄
SmartPtr.h
(1.17 KB)
📄
SmartPtrChecker.cpp
(2.68 KB)
📄
SmartPtrModeling.cpp
(8.05 KB)
📄
StackAddrEscapeChecker.cpp
(15 KB)
📄
StdLibraryFunctionsChecker.cpp
(74.86 KB)
📄
StreamChecker.cpp
(37.36 KB)
📄
Taint.cpp
(9.04 KB)
📄
Taint.h
(4.19 KB)
📄
TaintTesterChecker.cpp
(2.17 KB)
📄
TestAfterDivZeroChecker.cpp
(8.19 KB)
📄
TraversalChecker.cpp
(4.38 KB)
📄
TrustNonnullChecker.cpp
(9.12 KB)
📄
UndefBranchChecker.cpp
(3.82 KB)
📄
UndefCapturedBlockVarChecker.cpp
(3.64 KB)
📄
UndefResultChecker.cpp
(7.19 KB)
📄
UndefinedArraySubscriptChecker.cpp
(2.36 KB)
📄
UndefinedAssignmentChecker.cpp
(3.74 KB)
📁
UninitializedObject
📄
UnixAPIChecker.cpp
(18.05 KB)
📄
UnreachableCodeChecker.cpp
(9.59 KB)
📄
VLASizeChecker.cpp
(10.95 KB)
📄
ValistChecker.cpp
(15.65 KB)
📄
VforkChecker.cpp
(7.67 KB)
📄
VirtualCallChecker.cpp
(8.11 KB)
📁
WebKit
📄
Yaml.h
(2.06 KB)
📁
cert
Editing: MallocSizeofChecker.cpp
// MallocSizeofChecker.cpp - Check for dubious malloc arguments ---*- C++ -*-=// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // Reports inconsistencies between the casted type of the return value of a // malloc/calloc/realloc call and the operand of any sizeof expressions // contained within its argument(s). // //===----------------------------------------------------------------------===// #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" #include "clang/AST/StmtVisitor.h" #include "clang/AST/TypeLoc.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" #include "llvm/ADT/SmallString.h" #include "llvm/Support/raw_ostream.h" using namespace clang; using namespace ento; namespace { typedef std::pair<const TypeSourceInfo *, const CallExpr *> TypeCallPair; typedef llvm::PointerUnion<const Stmt *, const VarDecl *> ExprParent; class CastedAllocFinder : public ConstStmtVisitor<CastedAllocFinder, TypeCallPair> { IdentifierInfo *II_malloc, *II_calloc, *II_realloc; public: struct CallRecord { ExprParent CastedExprParent; const Expr *CastedExpr; const TypeSourceInfo *ExplicitCastType; const CallExpr *AllocCall; CallRecord(ExprParent CastedExprParent, const Expr *CastedExpr, const TypeSourceInfo *ExplicitCastType, const CallExpr *AllocCall) : CastedExprParent(CastedExprParent), CastedExpr(CastedExpr), ExplicitCastType(ExplicitCastType), AllocCall(AllocCall) {} }; typedef std::vector<CallRecord> CallVec; CallVec Calls; CastedAllocFinder(ASTContext *Ctx) : II_malloc(&Ctx->Idents.get("malloc")), II_calloc(&Ctx->Idents.get("calloc")), II_realloc(&Ctx->Idents.get("realloc")) {} void VisitChild(ExprParent Parent, const Stmt *S) { TypeCallPair AllocCall = Visit(S); if (AllocCall.second && AllocCall.second != S) Calls.push_back(CallRecord(Parent, cast<Expr>(S), AllocCall.first, AllocCall.second)); } void VisitChildren(const Stmt *S) { for (const Stmt *Child : S->children()) if (Child) VisitChild(S, Child); } TypeCallPair VisitCastExpr(const CastExpr *E) { return Visit(E->getSubExpr()); } TypeCallPair VisitExplicitCastExpr(const ExplicitCastExpr *E) { return TypeCallPair(E->getTypeInfoAsWritten(), Visit(E->getSubExpr()).second); } TypeCallPair VisitParenExpr(const ParenExpr *E) { return Visit(E->getSubExpr()); } TypeCallPair VisitStmt(const Stmt *S) { VisitChildren(S); return TypeCallPair(); } TypeCallPair VisitCallExpr(const CallExpr *E) { VisitChildren(E); const FunctionDecl *FD = E->getDirectCallee(); if (FD) { IdentifierInfo *II = FD->getIdentifier(); if (II == II_malloc || II == II_calloc || II == II_realloc) return TypeCallPair((const TypeSourceInfo *)nullptr, E); } return TypeCallPair(); } TypeCallPair VisitDeclStmt(const DeclStmt *S) { for (const auto *I : S->decls()) if (const VarDecl *VD = dyn_cast<VarDecl>(I)) if (const Expr *Init = VD->getInit()) VisitChild(VD, Init); return TypeCallPair(); } }; class SizeofFinder : public ConstStmtVisitor<SizeofFinder> { public: std::vector<const UnaryExprOrTypeTraitExpr *> Sizeofs; void VisitBinMul(const BinaryOperator *E) { Visit(E->getLHS()); Visit(E->getRHS()); } void VisitImplicitCastExpr(const ImplicitCastExpr *E) { return Visit(E->getSubExpr()); } void VisitParenExpr(const ParenExpr *E) { return Visit(E->getSubExpr()); } void VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *E) { if (E->getKind() != UETT_SizeOf) return; Sizeofs.push_back(E); } }; // Determine if the pointee and sizeof types are compatible. Here // we ignore constness of pointer types. static bool typesCompatible(ASTContext &C, QualType A, QualType B) { // sizeof(void*) is compatible with any other pointer. if (B->isVoidPointerType() && A->getAs<PointerType>()) return true; while (true) { A = A.getCanonicalType(); B = B.getCanonicalType(); if (A.getTypePtr() == B.getTypePtr()) return true; if (const PointerType *ptrA = A->getAs<PointerType>()) if (const PointerType *ptrB = B->getAs<PointerType>()) { A = ptrA->getPointeeType(); B = ptrB->getPointeeType(); continue; } break; } return false; } static bool compatibleWithArrayType(ASTContext &C, QualType PT, QualType T) { // Ex: 'int a[10][2]' is compatible with 'int', 'int[2]', 'int[10][2]'. while (const ArrayType *AT = T->getAsArrayTypeUnsafe()) { QualType ElemType = AT->getElementType(); if (typesCompatible(C, PT, AT->getElementType())) return true; T = ElemType; } return false; } class MallocSizeofChecker : public Checker<check::ASTCodeBody> { public: void checkASTCodeBody(const Decl *D, AnalysisManager& mgr, BugReporter &BR) const { AnalysisDeclContext *ADC = mgr.getAnalysisDeclContext(D); CastedAllocFinder Finder(&BR.getContext()); Finder.Visit(D->getBody()); for (CastedAllocFinder::CallVec::iterator i = Finder.Calls.begin(), e = Finder.Calls.end(); i != e; ++i) { QualType CastedType = i->CastedExpr->getType(); if (!CastedType->isPointerType()) continue; QualType PointeeType = CastedType->getPointeeType(); if (PointeeType->isVoidType()) continue; for (CallExpr::const_arg_iterator ai = i->AllocCall->arg_begin(), ae = i->AllocCall->arg_end(); ai != ae; ++ai) { if (!(*ai)->getType()->isIntegralOrUnscopedEnumerationType()) continue; SizeofFinder SFinder; SFinder.Visit(*ai); if (SFinder.Sizeofs.size() != 1) continue; QualType SizeofType = SFinder.Sizeofs[0]->getTypeOfArgument(); if (typesCompatible(BR.getContext(), PointeeType, SizeofType)) continue; // If the argument to sizeof is an array, the result could be a // pointer to any array element. if (compatibleWithArrayType(BR.getContext(), PointeeType, SizeofType)) continue; const TypeSourceInfo *TSI = nullptr; if (i->CastedExprParent.is<const VarDecl *>()) { TSI = i->CastedExprParent.get<const VarDecl *>()->getTypeSourceInfo(); } else { TSI = i->ExplicitCastType; } SmallString<64> buf; llvm::raw_svector_ostream OS(buf); OS << "Result of "; const FunctionDecl *Callee = i->AllocCall->getDirectCallee(); if (Callee && Callee->getIdentifier()) OS << '\'' << Callee->getIdentifier()->getName() << '\''; else OS << "call"; OS << " is converted to a pointer of type '" << PointeeType.getAsString() << "', which is incompatible with " << "sizeof operand type '" << SizeofType.getAsString() << "'"; SmallVector<SourceRange, 4> Ranges; Ranges.push_back(i->AllocCall->getCallee()->getSourceRange()); Ranges.push_back(SFinder.Sizeofs[0]->getSourceRange()); if (TSI) Ranges.push_back(TSI->getTypeLoc().getSourceRange()); PathDiagnosticLocation L = PathDiagnosticLocation::createBegin(i->AllocCall->getCallee(), BR.getSourceManager(), ADC); BR.EmitBasicReport(D, this, "Allocator sizeof operand mismatch", categories::UnixAPI, OS.str(), L, Ranges); } } } }; } void ento::registerMallocSizeofChecker(CheckerManager &mgr) { mgr.registerChecker<MallocSizeofChecker>(); } bool ento::shouldRegisterMallocSizeofChecker(const CheckerManager &mgr) { return true; }
Upload File
Create Folder