public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls @ 2022-06-08 14:43 dmalcolm at gcc dot gnu.org 2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org ` (2 more replies) 0 siblings, 3 replies; 4+ messages in thread From: dmalcolm at gcc dot gnu.org @ 2022-06-08 14:43 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 Bug ID: 105893 Summary: RFE: -fanalyzer could check putenv calls Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Blocks: 105887 Target Milestone: --- See https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-cert-pos-34c I think this might be relatively easy to implement using the analyzer's region model code. Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887 [Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/105893] RFE: -fanalyzer could check putenv calls 2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org @ 2022-07-28 14:22 ` dmalcolm at gcc dot gnu.org 2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org 2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org 2 siblings, 0 replies; 4+ messages in thread From: dmalcolm at gcc dot gnu.org @ 2022-07-28 14:22 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 David Malcolm <dmalcolm at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Last reconfirmed| |2022-07-28 Ever confirmed|0 |1 Status|UNCONFIRMED |ASSIGNED --- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> --- I'm working on this. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/105893] RFE: -fanalyzer could check putenv calls 2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org 2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org @ 2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org 2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org 2 siblings, 0 replies; 4+ messages in thread From: cvs-commit at gcc dot gnu.org @ 2022-07-28 21:25 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 --- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>: https://gcc.gnu.org/g:872693eebb6b88f4b6a2767727a9565d05172768 commit r13-1881-g872693eebb6b88f4b6a2767727a9565d05172768 Author: David Malcolm <dmalcolm@redhat.com> Date: Thu Jul 28 17:21:29 2022 -0400 analyzer: new warning: -Wanalyzer-putenv-of-auto-var [PR105893] This patch implements a new -fanalyzer warning: -Wanalyzer-putenv-of-auto-var which complains about stack pointers passed to putenv(3) calls, as per SEI CERT C Coding Standard rule POS34-C ("Do not call putenv() with a pointer to an automatic variable as the argument"). For example, given: #include <stdio.h> #include <stdlib.h> void test_arr (void) { char arr[] = "NAME=VALUE"; putenv (arr); } it emits: demo.c: In function âtest_arrâ: demo.c:7:3: warning: âputenvâ on a pointer to automatic variable âarrâ [POS34-C] [-Wanalyzer-putenv-of-auto-var] 7 | putenv (arr); | ^~~~~~~~~~~~ âtest_arrâ: event 1 | | 7 | putenv (arr); | | ^~~~~~~~~~~~ | | | | | (1) âputenvâ on a pointer to automatic variable âarrâ | demo.c:6:8: note: âarrâ declared on stack here 6 | char arr[] = "NAME=VALUE"; | ^~~ demo.c:7:3: note: perhaps use âsetenvâ rather than âputenvâ 7 | putenv (arr); | ^~~~~~~~~~~~ gcc/analyzer/ChangeLog: PR analyzer/105893 * analyzer.opt (Wanalyzer-putenv-of-auto-var): New. * region-model-impl-calls.cc (class putenv_of_auto_var): New. (region_model::impl_call_putenv): New. * region-model.cc (region_model::on_call_pre): Handle putenv. * region-model.h (region_model::impl_call_putenv): New decl. gcc/ChangeLog: PR analyzer/105893 * doc/invoke.texi: Add -Wanalyzer-putenv-of-auto-var. gcc/testsuite/ChangeLog: PR analyzer/105893 * gcc.dg/analyzer/putenv-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com> ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/105893] RFE: -fanalyzer could check putenv calls 2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org 2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org 2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org @ 2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org 2 siblings, 0 replies; 4+ messages in thread From: dmalcolm at gcc dot gnu.org @ 2022-07-28 21:37 UTC (permalink / raw) To: gcc-bugs https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893 David Malcolm <dmalcolm at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED Version|12.0 |13.0 --- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> --- Implemented for GCC 13 by the above patch; marking as resolved. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-07-28 21:37 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org 2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org 2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org 2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).