 |
|
 |
|
| Files: |
1 |
|
Branches Taken: |
75.0% |
15 / 20 |
| Generated: |
2010-02-10 01:31 |
|
Branches Executed: |
90.0% |
18 / 20 |
| |
|
Line Coverage: |
100.0% |
24 / 24 |
| |
 |
|
 |
1 : //=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C++ -*--===//
2 : //
3 : // The LLVM Compiler Infrastructure
4 : //
5 : // This file is distributed under the University of Illinois Open Source
6 : // License. See LICENSE.TXT for details.
7 : //
8 : //===----------------------------------------------------------------------===//
9 : //
10 : // This files defines FixedAddressChecker, a builtin checker that checks for
11 : // assignment of a fixed address to a pointer.
12 : // This check corresponds to CWE-587.
13 : //
14 : //===----------------------------------------------------------------------===//
15 :
16 : #include "clang/Checker/PathSensitive/CheckerVisitor.h"
17 : #include "GRExprEngineInternalChecks.h"
18 :
19 : using namespace clang;
20 :
21 : namespace {
22 : class FixedAddressChecker
1845: branch 1 taken
0: branch 2 not taken
0: branch 5 not taken
0: branch 6 not taken
23 1845: : public CheckerVisitor<FixedAddressChecker> {
24 : BuiltinBug *BT;
25 : public:
26 1845: FixedAddressChecker() : BT(0) {}
27 : static void *getTag();
28 : void PreVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B);
29 : };
30 : }
31 :
32 1845: void *FixedAddressChecker::getTag() {
33 : static int x;
34 1845: return &x;
35 : }
36 :
37 : void FixedAddressChecker::PreVisitBinaryOperator(CheckerContext &C,
38 3124: const BinaryOperator *B) {
39 : // Using a fixed address is not portable because that address will probably
40 : // not be valid in all environments or platforms.
41 :
1927: branch 1 taken
1197: branch 2 taken
42 3124: if (B->getOpcode() != BinaryOperator::Assign)
43 1927: return;
44 :
45 1197: QualType T = B->getType();
800: branch 2 taken
397: branch 3 taken
46 1197: if (!T->isPointerType())
47 800: return;
48 :
49 397: const GRState *state = C.getState();
50 :
51 397: SVal RV = state->getSVal(B->getRHS());
52 :
55: branch 1 taken
342: branch 2 taken
53: branch 4 taken
2: branch 5 taken
395: branch 6 taken
2: branch 7 taken
53 397: if (!RV.isConstant() || RV.isZeroConstant())
54 395: return;
55 :
2: branch 1 taken
0: branch 2 not taken
56 2: if (ExplodedNode *N = C.GenerateNode()) {
2: branch 0 taken
0: branch 1 not taken
57 2: if (!BT)
58 : BT = new BuiltinBug("Use fixed address",
59 : "Using a fixed address is not portable because that "
60 : "address will probably not be valid in all "
61 2: "environments or platforms.");
62 2: RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription(), N);
63 2: R->addRange(B->getRHS()->getSourceRange());
64 2: C.EmitReport(R);
2: branch 1 taken
395: branch 2 taken
65 397: }
66 : }
67 :
68 1845: void clang::RegisterFixedAddressChecker(GRExprEngine &Eng) {
69 1845: Eng.registerCheck(new FixedAddressChecker());
70 1845: }
Generated: 2010-02-10 01:31 by zcov