public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls
@ 2022-06-08 14:43 dmalcolm at gcc dot gnu.org
2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-06-08 14:43 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893
Bug ID: 105893
Summary: RFE: -fanalyzer could check putenv calls
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---
See
https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-cert-pos-34c
I think this might be relatively easy to implement using the analyzer's region
model code.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/105893] RFE: -fanalyzer could check putenv calls
2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org
@ 2022-07-28 14:22 ` dmalcolm at gcc dot gnu.org
2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org
2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-07-28 14:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Last reconfirmed| |2022-07-28
Ever confirmed|0 |1
Status|UNCONFIRMED |ASSIGNED
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
I'm working on this.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/105893] RFE: -fanalyzer could check putenv calls
2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org
2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org
@ 2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org
2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-07-28 21:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:872693eebb6b88f4b6a2767727a9565d05172768
commit r13-1881-g872693eebb6b88f4b6a2767727a9565d05172768
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Jul 28 17:21:29 2022 -0400
analyzer: new warning: -Wanalyzer-putenv-of-auto-var [PR105893]
This patch implements a new -fanalyzer warning:
-Wanalyzer-putenv-of-auto-var
which complains about stack pointers passed to putenv(3) calls, as
per SEI CERT C Coding Standard rule POS34-C ("Do not call putenv() with
a pointer to an automatic variable as the argument").
For example, given:
#include <stdio.h>
#include <stdlib.h>
void test_arr (void)
{
char arr[] = "NAME=VALUE";
putenv (arr);
}
it emits:
demo.c: In function âtest_arrâ:
demo.c:7:3: warning: âputenvâ on a pointer to automatic variable
âarrâ [POS34-C] [-Wanalyzer-putenv-of-auto-var]
7 | putenv (arr);
| ^~~~~~~~~~~~
âtest_arrâ: event 1
|
| 7 | putenv (arr);
| | ^~~~~~~~~~~~
| | |
| | (1) âputenvâ on a pointer to automatic variable
âarrâ
|
demo.c:6:8: note: âarrâ declared on stack here
6 | char arr[] = "NAME=VALUE";
| ^~~
demo.c:7:3: note: perhaps use âsetenvâ rather than âputenvâ
7 | putenv (arr);
| ^~~~~~~~~~~~
gcc/analyzer/ChangeLog:
PR analyzer/105893
* analyzer.opt (Wanalyzer-putenv-of-auto-var): New.
* region-model-impl-calls.cc (class putenv_of_auto_var): New.
(region_model::impl_call_putenv): New.
* region-model.cc (region_model::on_call_pre): Handle putenv.
* region-model.h (region_model::impl_call_putenv): New decl.
gcc/ChangeLog:
PR analyzer/105893
* doc/invoke.texi: Add -Wanalyzer-putenv-of-auto-var.
gcc/testsuite/ChangeLog:
PR analyzer/105893
* gcc.dg/analyzer/putenv-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug analyzer/105893] RFE: -fanalyzer could check putenv calls
2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org
2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org
2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org
@ 2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-07-28 21:37 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105893
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
Version|12.0 |13.0
--- Comment #3 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Implemented for GCC 13 by the above patch; marking as resolved.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-07-28 21:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-08 14:43 [Bug analyzer/105893] New: RFE: -fanalyzer could check putenv calls dmalcolm at gcc dot gnu.org
2022-07-28 14:22 ` [Bug analyzer/105893] " dmalcolm at gcc dot gnu.org
2022-07-28 21:25 ` cvs-commit at gcc dot gnu.org
2022-07-28 21:37 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).